CA and self-signed certificates

Config

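[usr_cert]
# Extensions for the signed client certificate (selected with -extensions usr_cert)
keyUsage         = digitalSignature
extendedKeyUsage = clientAuth

[req]
distinguished_name = req_distinguished_name
# Extensions added to the self-signed CA certificate (openssl req -x509)
x509_extensions    = v3_ca
# Extensions added to certificate requests
req_extensions     = v3_req

[req_distinguished_name]
# Left empty: the subject is passed on the command line with -subj

[v3_ca]
# Assumed contents for the v3_ca section that x509_extensions refers to:
# marks the certificate as a CA that may sign certificates and CRLs
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign

[v3_req]
keyUsage         = digitalSignature
extendedKeyUsage = clientAuth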

Create the CA

openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -subj '/CN=www.uniplus.de/O=UNIPLUS Software GmbH/C=DE' -days 1095 -config config.cnf

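Create the client certificate request

# $1 is the base name of the client's key, request and certificate files; $2 is inserted into the subject
openssl genrsa -out "$1.key" 2048
openssl req -new -key "$1.key" -out "$1.csr" -subj "/CN=SOAP Client 3-$2 Produktiv/O=3-$2/C=DE" -config config.cnf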

Create the signed client certificate

openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -out "$1.crt" -days 1095 -extfile config.cnf -extensions usr_cert

Create the PKCS#12 bundle

openssl pkcs12 -export -out "$1.p12" -inkey "$1.key" -in "$1.crt"
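
To check the result of the steps above, the following script (an added example, not part of the original page) verifies that the CA certificate is marked as a CA and that a client certificate chains to it for the sslclient purpose, carries the clientAuth extended key usage and matches its private key. The function names, the test subjects and the one-day lifetime are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# check_ca_cert CA_CERT: succeeds only if the certificate asserts CA:TRUE.
check_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# check_client_cert CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 1: chain or purpose check failed, 2: clientAuth EKU missing,
#         3: private key does not belong to the certificate.
check_client_cert() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" 2>/dev/null |
        grep -q ': OK$' || return 1
    openssl x509 -in "$2" -noout -text |
        grep -q 'TLS Web Client Authentication' || return 2
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] || return 3
}

# make_test_pki DIR CA_EXT_SECTION: builds a constructed, throwaway CA and
# client certificate in DIR with the page's commands. CA_EXT_SECTION names
# the config section used for the CA certificate's extensions.
make_test_pki() (
    cd "$1" || exit 1
    cat > config.cnf <<'EOF'
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[usr_cert]
keyUsage         = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -key ca.key -out ca.crt -subj '/CN=Example Test CA' \
        -days 1 -config config.cnf -extensions "$2"
    openssl genrsa -out client.key 2048 2>/dev/null
    openssl req -new -key client.key -out client.csr -subj '/CN=Example Client' \
        -config config.cnf
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out client.crt -days 1 -extfile config.cnf -extensions usr_cert 2>/dev/null
)
```

For the files produced above, call check_ca_cert ca.crt and check_client_cert ca.crt NAME.crt NAME.key, where NAME is the value passed as $1.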
