Much of this is referenced from Schnouki. I tweaked things a bit to fit my setup.
Set up the OpenSSL environment
mkdir ssl
cd ssl
mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/crl
echo "00" > demoCA/serial
echo "00" > demoCA/crlnumber
touch demoCA/index.txt
cp /etc/ssl/openssl.cnf .
Generate CA key
openssl genrsa -out demoCA/cakey.pem 2048
openssl req -new -x509 -days 3650 -key demoCA/cakey.pem -out demoCA/cacert.pem
Create client cert request (set the CN to the username)
openssl genrsa -out clientkey.pem 2048
openssl req -config openssl.cnf -new -key clientkey.pem -out client.csr
Process the cert request
openssl ca -batch -config openssl.cnf -days 3650 -in client.csr -out clientcert.pem -keyfile demoCA/cakey.pem -cert demoCA/cacert.pem -policy policy_anything
openssl pkcs12 -export -in clientcert.pem -inkey clientkey.pem -certfile demoCA/cacert.pem -out client.p12
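A post-issuance check for the files produced above, as an added example that is not part of the original notes. It confirms that clientcert.pem chains to the CA, that clientkey.pem is the matching private key, and that the subject CN is the expected username. The function name check_client_cert and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Usage: check_client_cert demoCA/cacert.pem clientcert.pem clientkey.pem USERNAME
# Return codes (chosen for this example): 0 ok, 1 chain, 2 key mismatch, 3 CN mismatch.
check_client_cert() {
    ca=$1 cert=$2 key=$3 want_cn=$4

    # 1. The client certificate must chain to this CA and be inside its validity period.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    }

    # 2. The private key must belong to the certificate: compare the public key
    #    embedded in the certificate with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key is not the private key for $cert" >&2
        return 2
    }

    # 3. The subject CN must be the username typed at the "Common Name" prompt.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p' | head -n 1)
    [ "$cn" = "$want_cn" ] || {
        echo "FAIL: subject CN is '$cn', expected '$want_cn'" >&2
        return 3
    }

    echo "OK: $cert (CN=$cn) chains to $ca and matches $key"
}
```

Run it before the pkcs12 export so that a mismatched key or a wrong CN is caught before client.p12 is handed out.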
Created: 2024-05-21 | Modified: 2024-06-04 |