gmallard edited this page Mar 4, 2012 · 2 revisions

Create the Client Key and Certificate

Create the Client's Private Key

Enter the command:

openssl genrsa -out client.key 2048

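This creates the Client's private key (file client.key). Because no cipher option is given, the key is written unencrypted, so keep the file readable only by its owner.

Create a CSR for the Client's Certificate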

Enter the command:

openssl req -new -key client.key -out client.csr

As usual, you will be prompted for information to include in the CSR. In this example, the responses are:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Florida
Locality Name (eg, city) []:Orlando
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Internet Widgets Pty Ltd
Organizational Unit Name (eg, section) []:Client Computer
Common Name (eg, YOUR name) []:localhost
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:

This creates the CSR for the Client's certificate (file client.csr).

Sign the CSR and Create the Client's Certificate

Enter the command:

openssl ca -in client.csr -cert TestCA.crt -keyfile TestCA.key -out client.crt

Information about the CSR will be displayed, and you will be prompted twice for permission to proceed:


Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Mar  4 18:56:29 2012 GMT
            Not After : Mar  4 18:56:29 2013 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = Florida
            organizationName          = Internet Widgets Pty Ltd
            organizationalUnitName    = Client Computer
            commonName                = localhost
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                DA:6C:DF:64:65:C9:2B:32:86:86:9B:DC:44:4F:A5:21:FC:08:BD:2A
            X509v3 Authority Key Identifier: 
                DirName:/C=US/ST=Florida/L=Orlando/O=Internet Widgets Pty Ltd/OU=Headquarters/CN=localhost/[email protected]
                serial:B6:4A:01:B0:64:DF:4D:2A

Certificate is to be certified until Mar  4 18:56:29 2013 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

This creates the client's certificate (file client.crt).
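
To confirm the result of the three steps, the following added example (not part of the original wiki page) checks that client.crt carries the public key of client.key, verifies against TestCA.crt, and is marked CA:FALSE as in the output above. The helper names check_client_cert and make_demo_pki are hypothetical, and make_demo_pki builds constructed sample files with "openssl x509 -req" rather than "openssl ca" so that no CA database is needed.

```shell
# Added example; check_client_cert and make_demo_pki are hypothetical names.
# Return 0 only if KEY matches CERT, CERT verifies against CA, and CERT
# is marked CA:FALSE (as in the "openssl ca" output shown on this page).
check_client_cert() {
    key=$1; cert=$2; ca=$3
    # 1. The certificate must carry the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key does not match cert" >&2; return 1; }
    # 2. The certificate must verify against the signing CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "cert does not verify against CA" >&2; return 1; }
    # 3. A client certificate must not be usable as a CA itself.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:FALSE' ||
        { echo "cert is not marked CA:FALSE" >&2; return 1; }
}

# Build a throwaway CA and client certificate in directory $1 (constructed
# sample data). Assumption: signs with "openssl x509 -req" instead of
# "openssl ca", so no CA database directory is needed.
make_demo_pki() (
    cd "$1" || exit 1
    umask 077    # private keys are written unencrypted; keep them owner-only
    cat > demo.cnf <<'EOF' || exit 1
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_client]
basicConstraints = CA:FALSE
EOF
    openssl genrsa -out TestCA.key 2048 2>/dev/null || exit 1
    openssl req -x509 -new -key TestCA.key -days 1 -config demo.cnf -out TestCA.crt || exit 1
    openssl genrsa -out client.key 2048 2>/dev/null || exit 1
    openssl req -new -key client.key -subj /CN=localhost -config demo.cnf -out client.csr || exit 1
    openssl x509 -req -in client.csr -CA TestCA.crt -CAkey TestCA.key -set_serial 2 \
        -days 1 -extfile demo.cnf -extensions v3_client -out client.crt 2>/dev/null
)
```

Against the files produced by the steps above, run: check_client_cert client.key client.crt TestCA.crt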
