Skip to content

TLS Cert Creation

Create a CSR

openssl genrsa -out cert_name.key 2048
openssl req -config openssl.cnf -new -key cert_name.key -out cert_name.csr

Check Contents of CSR

openssl req -in cert_name.csr -noout -text

Create Certificate

openssl ca -config openssl.cnf -extensions server_cert -in cert_name.csr -out cert_name.pem

Verify Certificate

openssl x509 -noout -text -in cert_name.pem

Verify Certificate and Key Matches

$ openssl x509 -noout -modulus -in cert_name.pem | openssl md5
(stdin)=8298db7d4e44ec7c0ca11a831edcb01d

$ openssl rsa -noout -modulus -in cert_name.key | openssl md5
(stdin)=8298db7d4e44ec7c0ca11a831edcb01d

https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html