Create a Public Private key and Private CA and certificate

Spread the love

Create PEM private key:

openssl genrsa -out rsa_2048_priv.pem 2048

Create pem public key by using the private key:

openssl rsa -pubout -in rsa_2048_priv.pem -out rsa_2048_pub.pem

Create Certificate signing request (CSR)

openssl req -new -key rsa_2048_priv.pem -out CSR.csr

Create Private CA Private key

openssl req -new -newkey rsa:4096 -nodes -out MY_CA_CSR.csr -keyout MY_CA_private_key.key -sha512

Create Private CA Certificate

openssl x509 -signkey MY_CA_private_key.key -days 9000 -req -in MY_CA_CSR.csr -out MY_CA_certificate.arm -sha512

Now use this private CA certificate to sign the CSR generated earlier

openssl x509 -req -days 1800 -in CSR.csr -CA MY_CA_certificate.arm -CAkey MY_CA_private_key.key -out MY_certificate.arm -set_serial 01 -sha512

You should use a trusted CA to sign your CSR and give you back the certificate. But that costs money, so it depends on your use case, if you need CA signed certificate.

Export as PFX (Certificate with public key + id and private key)

openssl pkcs12 -export -out portable_cert.pfx -inkey rsa_2048_priv.pem -in MY_certificate.arm

You can add password to protect you pfx file (it will be asked in above command)

arm and crt files are same. you can rename arm to crt or cert (I didn’t found any reference where any difference was mentioned).

Get keystore information:

keytool -v -list -storetype pkcs12 -keystore portable_cert.pfx

Cheers and Peace out!!!