This post is more of a reminder to myself than any public service regarding creating certificates. It’s one of those tasks I need to do once or twice a year, but always forget how to do it. This entry simply reminds me of the commands I need.
Create the private key:
openssl genrsa -out new.pem 2048
Create the certificate signing request file:
openssl req -new -key new.pem -out new.csr
Sign the certificate using your CA:
openssl x509 -CA ca.crt -CAkey ca.key -req -in new.csr -CAserial ca.srl -out new.crt -days 365
And finally export it in PKCS12 format for use elsewhere:
openssl pkcs12 -export -clcerts –inkey new.pem –in new.crt -out new.p12 -name 'My Convenient Name'
Done! That wasn’t too hard to remember was it?