How to Create a Client Certificate with Configuration using OpenSSL
In my previous post (https://mcilis.medium.com/how-to-create-a-server-certificate-with-configuration-using-openssl-ea3d2c4506ac) I talked about creating a root CA certificate and a server certificate with an extensions configuration. Now I’ll continue by creating a client certificate that can be used for mutual SSL connections.
In the following commands, I’ll be using the root certificate (root-ca) created in my previous post!
Generate the client key:
Execute:
openssl genrsa -out "client.key" 4096
Generate CSR:
Execute:
openssl req -new -key "client.key" -out "client.csr" -sha256 -subj '/CN=Local Test Client'
Configure the client certificate:
We need to create a file (client.cnf) and add the following content:
[client]
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "Local Test Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
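To see what the extensions in client.cnf do once a certificate is issued, the following added example (not part of the original post) signs the CSR with a throwaway CA and asks openssl verify whether the result is acceptable as a TLS client and as a TLS server certificate. The throwaway CA, the ca.* file names and the openssl x509 -req signing call are assumptions standing in for the root-ca from the previous post.

```shell
#!/bin/sh
# Added example (not from the original post): issue a one-day client
# certificate with the post's client.cnf and check how a verifier treats it.
# Assumptions: the throwaway CA below stands in for root-ca, and signing is
# done with "openssl x509 -req"; file names other than client.* are made up.

issue_test_client() (   # $1 = empty working directory
    set -e
    cd "$1"
    # Throwaway CA; relies on the default openssl.cnf marking it CA:TRUE.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -days 1 -subj '/CN=Throwaway Test CA'
    # Key and CSR exactly as in the post (the key is written unencrypted).
    openssl genrsa -out client.key 4096
    openssl req -new -key client.key -out client.csr -sha256 \
        -subj '/CN=Local Test Client'
    # client.cnf exactly as in the post.
    cat > client.cnf <<'EOF'
[client]
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "Local Test Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
EOF
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out client.crt -days 1 -sha256 \
        -extfile client.cnf -extensions client
)

# Succeeds only if the chain verifies for the given purpose.
purpose_ok() {   # $1 = working directory, $2 = sslclient | sslserver
    openssl verify -purpose "$2" -CAfile "$1/ca.crt" "$1/client.crt" \
        >/dev/null 2>&1
}

work=$(mktemp -d)
issue_test_client "$work" >/dev/null 2>&1 || echo "issuing failed" >&2
for p in sslclient sslserver; do
    if purpose_ok "$work" "$p"; then echo "$p: accepted"
    else echo "$p: rejected"; fi
done
```

With this configuration the expected result is sslclient accepted and sslserver rejected, because extendedKeyUsage and nsCertType list no server usage.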