Creating the certification authority:
$cd /etc/newcerts
$openssl genrsa 2048 > ca-key.pem
$openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
NOTE: The last command will ask for the details of the certificate provider, so provide short names.
Creating the certificate for the server using the above CA certificate:
$openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
$openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
NOTE: The first command may ask for a password. Don't provide one; just press the Enter key twice.
Creating the certificate for the client using the above CA certificate (similar to the server):
$openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
$openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > client-cert.pem
NOTE: Provide the details of the client owner who will contact the server. Short names may be the same.
NOTE: The serial is 02 here because each certificate issued by the same CA needs its own serial number.
Now the client will contact the server using client-cert.pem, and the server will consult its server-cert.pem and approve encryption.
Note that I have used the same CA to generate the certificate for the server as well as for the client.
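The files produced by the steps above can be checked before they are deployed. The script below is an added example, not part of the original page: it rebuilds the CA, server and client files in a temporary directory following the page's commands (the -subj names and the directory are constructed for the demo), then checks that each certificate verifies against ca-cert.pem, that each private key matches its certificate, and that the issued certificates have distinct serial numbers.

```shell
#!/bin/sh
# Added example: sanity checks for the CA / server / client files.
# Subject names and the temporary directory are constructed for this demo.

# Build a throwaway PKI; -subj answers the prompts so nothing is interactive.
build_demo_pki() (
    set -e
    cd "$1"
    openssl genrsa 2048 > ca-key.pem 2>/dev/null
    openssl req -new -x509 -nodes -days 1000 -key ca-key.pem \
        -subj "/CN=Demo CA" > ca-cert.pem
    serial=1
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes -keyout "$name-key.pem" \
            -subj "/CN=demo-$name" > "$name-req.pem" 2>/dev/null
        openssl x509 -req -in "$name-req.pem" -days 1000 -CA ca-cert.pem \
            -CAkey ca-key.pem -set_serial "0$serial" > "$name-cert.pem" 2>/dev/null
        serial=$((serial + 1))
    done
)

# usage: verify_issued CA_CERT CERT KEY
# Succeeds only if CERT chains to CA_CERT and KEY is the private key for CERT.
verify_issued() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ]
}

# Succeeds only if no two of the given certificates share a serial number.
serials_unique() {
    dups=$(for c in "$@"; do openssl x509 -in "$c" -noout -serial; done | sort | uniq -d)
    [ -z "$dups" ]
}

# usage: check_pki DIR  (DIR holds the file names used on this page)
check_pki() {
    verify_issued "$1/ca-cert.pem" "$1/server-cert.pem" "$1/server-key.pem" &&
    verify_issued "$1/ca-cert.pem" "$1/client-cert.pem" "$1/client-key.pem" &&
    serials_unique "$1/server-cert.pem" "$1/client-cert.pem"
}

demo=$(mktemp -d)
build_demo_pki "$demo"
check_pki "$demo" && echo "server and client certificates verified against the CA"
```

To check real files instead of the demo ones, call check_pki with the directory that holds them, for example /etc/newcerts.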