Creating an OpenSSL Certificate

This post is more of a reminder to myself than any public service regarding creating certificates. It’s one of those tasks I need to do once or twice a year, but always forget how to do it. This entry simply reminds me of the commands I need.

Create the private key:

openssl genrsa -out new.pem 2048

Create the certificate signing request file:

openssl req -new -key new.pem -out new.csr

Sign the certificate using your CA:

openssl x509 -CA ca.crt -CAkey ca.key -req -in new.csr -CAserial ca.srl -out new.crt -days 365

And finally export it in PKCS12 format for use elsewhere:

openssl pkcs12 -export -clcerts –inkey new.pem –in new.crt -out new.p12 -name 'My Convenient Name'

Done! That wasn’t too hard to remember was it?