Config
[usr_cert]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
[req]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = v3_req
x509_extensions = usr_cert
[req_distinguished_name]
[ v3_req ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
CA erstellen
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -subj '/CN=www.uniplus.de/O=UNIPLUS Software GmbH/C=DE' -days 1095 -config config.cnf
Client Zertifikat Request erstellen
openssl genrsa -out $1.key 2048
openssl req -new -key $1.key -out $1.csr -subj "/CN=SOAP Client 3-$2 Produktiv/O=3-$2/C=DE" -config config.cnf
Signiertes Client Zertifikat erstellen
openssl x509 -req -in $1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $1.crt -days 1095 -extfile config.cnf -extensions usr_cert
PKCS#12 Bundle erstellen
openssl pkcs12 -export -out $1.p12 -inkey $1.key -in $1.crt