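# Keep every file created below (private keys in particular) readable by the owner only.
# Certificates are public; relax their mode afterwards if other accounts must read them.
umask 077

# Generate the CA private key and the self-signed CA certificate (valid 3650 days).
# -nodes is omitted so openssl prompts for a passphrase and stores cakey.pem encrypted;
# the two signing commands below will then prompt for that passphrase.
# -sha256 is given explicitly so the signature digest does not depend on default_md
# in openssl.cnf or on the default of the installed OpenSSL version.
openssl req -config ./openssl.cnf -newkey rsa:2048 -keyform PEM -keyout cakey.pem -x509 -sha256 -days 3650 -extensions certauth -outform PEM -out cacert.pem

# Generate the server private key (written unencrypted: no cipher option is given).
openssl genrsa -out server.key 2048

# Generate the server certificate request.
openssl req -config ./openssl.cnf -new -sha256 -key server.key -out server.req

# Issue the server certificate (valid 365 days, extensions from the [ server ] section).
# The serial is fixed at 100; every certificate issued by one CA needs a unique serial,
# so change the number when re-issuing.
openssl x509 -req -sha256 -in server.req -CA cacert.pem -CAkey cakey.pem -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.pem

# Generate the client private key (written unencrypted: no cipher option is given).
openssl genrsa -out client.key 2048

# Generate the client certificate request.
openssl req -config ./openssl.cnf -new -sha256 -key client.key -out client.req

# Issue the client certificate (valid 365 days, extensions from the [ client ] section).
# The serial is fixed at 101; see the note on unique serials above.
openssl x509 -req -sha256 -in client.req -CA cacert.pem -CAkey cakey.pem -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.pem

# Client certificate with a password, in PKCS#12 format (openssl prompts for the export password).
# NOTE(review): the input paths client/client_test.pem and client/client_test.key differ from
# client.pem / client.key produced above - confirm which files are meant.
openssl pkcs12 -export -in client/client_test.pem -inkey client/client_test.key -out client/client_test.p12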
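# openssl.cnf - read by the `openssl req` (-config) and `openssl x509` (-extfile) commands on this page.

[ req ]
# Digest used by `openssl req` when signing requests and the self-signed CA certificate.
# Was sha1; SHA-1 signatures are no longer accepted by current TLS clients.
default_md = sha256
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
# In this section a bare field name sets the interactive prompt text;
# only the *_default keys supply a value.
countryName = Zkratka Zeme (2 znaky)
countryName_default = CZ
stateOrProvinceName = Zeme (cele jmeno)
stateOrProvinceName_default = Czech Republic
countryName_min = 2
countryName_max = 2
localityName = Mesto
localityName_default = Mlada Boleslav
organizationName = Firma
organizationName_default = Nazev Firmy
# NOTE(review): for the next two keys the right-hand side is the prompt text, not a default value -
# confirm that is intended.
emailAddress = admin@domain.cz
commonName = Smart CA
commonName_max = 64
# NOTE(review): default_days / default_crl_days are `openssl ca` settings, not DN fields;
# they likely have no effect in this section - confirm.
default_days = 3650
default_crl_days = 30

[ certauth ]
# Extensions for the self-signed CA certificate (-extensions certauth).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# basicConstraints is marked critical and the CA key is limited to signing certificates and CRLs.
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
crlDistributionPoints = @crl

[ server ]
# Extensions for the server certificate (-extensions server).
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
# nsCertType is a legacy Netscape extension; extendedKeyUsage is what current clients evaluate.
nsCertType = server
# No subjectAltName is set; current TLS clients match host names against SAN, not commonName.
# Add one for the real host name, for example:
# subjectAltName = DNS:<SERVER_FQDN_PLACEHOLDER>
crlDistributionPoints = @crl

[ client ]
# Extensions for the client certificate (-extensions client).
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = clientAuth
# nsCertType is a legacy Netscape extension; extendedKeyUsage is what current servers evaluate.
nsCertType = client
crlDistributionPoints = @crl

[ crl ]
# CRL distribution point embedded in every issued certificate; it is fetched over plain HTTP.
# No command on this page generates ca.crl, so clients that check revocation will not find
# a CRL at this URL until one is published there.
URI = http://testca.local/ca.crl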