...
1**How example certificates and keys generated in this directory:**
2
3To create a self signed cert(and private key), Run the following commands using openssl:
4```
5openssl req -x509 -sha256 -days 7305 -newkey rsa:2048 -keyout root_key.pem -out
6root_cert.pem
7```
8To create a chain of certs:
9
10```leafCert.pem``` < ```intermediateCert.pem``` < ```rootCert.pem```
11
12Run the following commands using openssl:
13
14Create a self signed root:
15```
16openssl req -x509 -sha256 -days 7305 -newkey rsa:2048 -keyout root_key.pem -out root_cert.pem
17```
18Create a configuration file config.cnf:
19```
20basicConstraints=CA:TRUE
21```
22Create the intermediate cert private key:
23```
24openssl genrsa -out intermediate_key.pem 2048
25```
26Create a certificate signing request:
27```
28openssl req -key intermediate_key.pem -new -out intermediate.csr
29```
30Sign the CSR with the root:
31```
32openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in intermediate.csr
33-out intermediate_cert.pem -days 7305 -CAcreateserial -extfile config.cnf
34```
35Create the leaf cert private key:
36```
37openssl genrsa -out leaf_key.pem 2048
38```
39Create a certificate signing request:
40```
41openssl req -key leaf_key.pem -new -out leaf.csr
42```
43Sign the CSR with the intermediate
44```
45openssl x509 -req -CA intermediate_cert.pem -CAkey intermediate_key.pem -in
46leaf.csr -out leaf_cert.pem -days 7305 -CAcreateserial -extfile config
47```
48TODO(rmehta19): Perhaps put these commands together into a script to make
49generation of example certs/keys and cert chains simpler.
View as plain text