$ openssl version
OpenSSL 1.1.0g 2 Nov 2017.pem: Base 64 format.der: Binary format.csr: Certificate Signing Request.crtor.cer: Certificate.p12: Binary format wrapping a key and a certificate in one file
Self signed certificate:
openssl req -x509 \
-newkey rsa:4096 \
-keyout ca.key.pem \
-out ca.crt.pem \
-days 1825 \
-subj "/CN=$COMMON_NAME" \
-passout pass:my_great_passwordCreate a key : openssl genrsa -out private.key.pem 4096
Create a .csr from key : openssl req -new -key private.key.pem -out certificate_request.csr.pem
Create a .csr from key (non-interactive) :
openssl req -new \
-key private.key.pem \
-out certificate_request.csr.pem \
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATION_UNIT/CN=$COMMON_NAME"Sign certificate :
openssl x509 -req \
-in certificate_request.csr.pem \
-days 1825 \
-CA ca.crt.pem \
-CAkey ca.key.pem \
-set_serial 01 \
-out my_public_certificate.crt.pem- Crt
openssl x509 -outform der -in my_public_certificate.crt.pem -out my_public_certificate.crt.der- Key
openssl rsa -outform der -in private.key.pem -out private.key.derConvert key to pkc8 without password :
openssl pkcs8 -topk8 \
-inform pem \
-outform pem \
-in private.key.pem \
-out private.key.pkcs8.pem -nocryptCreate .p12 (interactive) :
openssl pkcs12 -export -out keyStore.p12 -inkey private.key.pem -in my_public_certificate.crt.pemUpdate certificate :
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificatesCreate ks from crt :
keytool -import -alias ca -file ca.crt.pem -keystore ca.ks