I have posted before about creating self-signed client certificates with the makecert utility. Today I’d like to describe step by step how we can do it with OpenSSL.
Client certificates are essential for mutual SSL authentication. During development and testing, I usually need self-signed ones for simplicity.
First, we need to create a Root CA certificate which will be used for creating the Server and Client certificates.
To make it simple, I’ve added the passwords to the commands (with the value “changeme”)!
openssl genrsa -aes256 -passout pass:changeme -out ca.pass.key 4096
This command creates a 4096-bit RSA private key for the root CA, encrypted with AES-256 under the password given.
openssl rsa -passin pass:changeme -in ca.pass.key -out ca.key
This command decrypts that key and writes the RSA private key to ca.key without a passphrase.
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
This command creates the self-signed root certificate, valid for 365 days, with the key. For this request, I supplied some dummy information for the fields Country Name, State or Province Name, Locality Name (eg, city) [Default City], Organization Name (eg, company) [Default Company Ltd], Organizational Unit Name (eg, section), Email Address.
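The three commands above, run non-interactively in a scratch directory and then checked: which key file is passphrase-protected, whether the certificate belongs to the key, whether it is self-signed, and whether it runs for 365 days. This is an added example, not part of the original post; the function names and the -subj value (dummy data replacing the interactive prompts) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The -subj value is constructed
# dummy data standing in for the answers typed at the interactive prompts.

# Run the post's three commands inside directory $1 (in a subshell).
make_root_ca() (
    cd "$1" || exit 1
    umask 077    # key files readable by the owner only
    openssl genrsa -aes256 -passout pass:changeme -out ca.pass.key 4096 2>/dev/null &&
    openssl rsa -passin pass:changeme -in ca.pass.key -out ca.key 2>/dev/null &&
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
        -subj "/C=XX/ST=Test State/L=Test City/O=Example Dev/OU=Dev/CN=Example Dev Root CA"
)

# True if the PEM key file $1 is passphrase-protected. Both the traditional
# and the PKCS#8 PEM encodings carry the word ENCRYPTED when it is.
key_is_encrypted() { grep -q ENCRYPTED "$1"; }

# True if certificate $2 was issued for private key $1 (same RSA modulus).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if $1 is self-signed: it verifies with itself as the only trust anchor.
is_self_signed() { openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'; }

# True if $1 stays valid for more than 364 but less than 366 days from now.
valid_about_a_year() {
    openssl x509 -in "$1" -noout -checkend $((364 * 86400)) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $((366 * 86400)) >/dev/null
}

# All checks on the files produced in directory $1.
check_root_ca() {
    key_is_encrypted "$1/ca.pass.key" && ! key_is_encrypted "$1/ca.key" &&
    key_matches_cert "$1/ca.key" "$1/ca.crt" &&
    is_self_signed "$1/ca.crt" && valid_about_a_year "$1/ca.crt"
}

work=$(mktemp -d) && make_root_ca "$work" && check_root_ca "$work" &&
    echo "root CA in $work passes all checks"
```

Of the two key files, only ca.pass.key is protected by the password; ca.key is the one the certificate commands read, and whoever can read it can sign certificates under this root.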