Create certificates with OpenSSL
Parent topic: Create certificates with OpenSSL

Issue certificates for users or devices

  1. Create a key for the device or user with the command:
    • genrsa -out device.key 2048
    This command creates the file 'device.key' in the current directory.
  2. Create a certificate request for the device or user with the command:
    • req -key device.key -new -subj /CN=DEVICE -out device.req
    This command creates the file 'device.req' in the current directory.
    Note: Apart from this instruction further changes are necessary in the file "openssl.cnf" for the definition of a Extension.
  3. Create a certificate from the certificate request with the command:
    • x509 -extfile openssl.cnf -req -in device.req -CAkey ca.key -CA ca.crt -CAcreateserial -days 90 -out device.crt
    This command signs the certificate request 'device.req' with the key 'ca.key' and then issues the certificate 'device.cert'. The configuration file openssl.cnf is also involved in the procedure.
  4. Export the certificate for the device or user with the command:
    • pkcs12 -export -inkey device.key -in device.crt -certfile ca.crt -out device.p12
    This command combines and saves the key 'device.key', the certificate 'device.crt' and the root certificate 'ca.crt' in the file 'device.p12'. This PKCS#12 file can be uploaded directly to the required device.
Parent topic: Create certificates with OpenSSL
© LANCOM Systems. All rights reserved.