Skip to content

Tag: PKI

How to generate self signed certificates with openssl

This article shows how to generate self signed CA, then use it to generate csr and client/server certificate.

We will use openssl to deal with the certs and look at various command line options so we can:
1. generate ca and certs without human intervention, which could be useful during automation
2. validate generated certificate
3. look how to add extensions to the certs

Create CA

Generate CA key

1.1 phrase by default enter manually

openssl genrsa -des3 -out ca.key 4096

Generating RSA private key, 4096 bit long modulus
............................++
....................++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:

1.2 or read from file

openssl genrsa -des3 -passout file:mypass.txt  -out ca.key 4096

1.3 or elsewhere

vault read  --field=value secret/path_to_ca_key/password | openssl genrsa -des3 -passout stdin  -out ca.key 4096 -
Comments closed