Create PEM private key:
openssl genrsa -out rsa_2048_priv.pem 2048
Create the PEM public key from the private key:
openssl rsa -pubout -in rsa_2048_priv.pem -out rsa_2048_pub.pem
Create a certificate signing request (CSR):
openssl req -new -key rsa_2048_priv.pem -out CSR.csr
Create the private CA's private key (this command also writes the CA's CSR):
openssl req -new -newkey rsa:4096 -nodes -out MY_CA_CSR.csr -keyout MY_CA_private_key.key -sha512
Create the private CA certificate (self-signed with the CA private key):
openssl x509 -signkey MY_CA_private_key.key -days 9000 -req -in MY_CA_CSR.csr -out MY_CA_certificate.arm -sha512
Now use this private CA certificate to sign the CSR generated earlier:
openssl x509 -req -days 1800 -in CSR.csr -CA MY_CA_certificate.arm -CAkey MY_CA_private_key.key -out MY_certificate.arm -set_serial 01 -sha512
You should use a trusted CA to sign your CSR and give you back the certificate, but that costs money, so whether you need a CA-signed certificate depends on your use case.
Export as PFX (certificate with public key + id and private key):
openssl pkcs12 -export -out portable_cert.pfx -inkey rsa_2048_priv.pem -in MY_certificate.arm
You can add a password to protect your PFX file (the command above prompts for it).
arm and crt files are the same. You can rename arm to crt or cert (I didn't find any reference where any difference was mentioned).
Get keystore information:
keytool -v -list -storetype pkcs12 -keystore portable_cert.pfx
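To confirm that the files produced by the steps above belong together, the following added example (not from the original post) reruns the commands non-interactively and checks that the certificate matches the private key, names the private CA as issuer, and is the one stored in the PFX. The -subj values, the PFX password and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: post-generation checks for the files created by the steps above.
# Subject names and the PFX password are constructed sample values.

pubkey_of_key()  { openssl rsa -in "$1" -pubout 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True when the certificate carries the public half of the private key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(pubkey_of_key "$1") && c=$(pubkey_of_cert "$2") &&
        [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate's issuer field equals the CA certificate's subject.
issued_by() {          # $1 = certificate, $2 = CA certificate
    i=$(openssl x509 -in "$1" -noout -issuer) &&
        s=$(openssl x509 -in "$2" -noout -subject) &&
        [ -n "$i" ] && [ "${i#*=}" = "${s#*=}" ]
}

# True when the PFX opens with the password and holds a certificate for the key.
pfx_matches_key() {    # $1 = PFX file, $2 = password, $3 = private key
    c=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) &&
        k=$(pubkey_of_key "$3") && [ -n "$c" ] && [ "$c" = "$k" ]
}

# Runs the page's steps in directory $1; -subj and -passout replace the prompts.
build_demo() {
    ( cd "$1" &&
      openssl genrsa -out rsa_2048_priv.pem 2048 &&
      openssl req -new -key rsa_2048_priv.pem -out CSR.csr -subj "/CN=demo.example" &&
      openssl req -new -newkey rsa:4096 -nodes -out MY_CA_CSR.csr \
          -keyout MY_CA_private_key.key -sha512 -subj "/CN=Demo Private CA" &&
      openssl x509 -signkey MY_CA_private_key.key -days 9000 -req \
          -in MY_CA_CSR.csr -out MY_CA_certificate.arm -sha512 &&
      openssl x509 -req -days 1800 -in CSR.csr -CA MY_CA_certificate.arm \
          -CAkey MY_CA_private_key.key -out MY_certificate.arm -set_serial 01 -sha512 &&
      openssl pkcs12 -export -out portable_cert.pfx -inkey rsa_2048_priv.pem \
          -in MY_certificate.arm -passout pass:constructed-demo-pass
    ) >/dev/null 2>&1
}
```

Each check returns a non-zero status on mismatch, so it can gate a deployment script before a key and certificate are installed together.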
Cheers and Peace out!!!