Webula — Yet another programming blog


openssl – part 1

1) Generate an RSA key with 2048 bits.

$ openssl genrsa -out server.key 2048

2) Create an X.509 self-signed certificate (for development purposes and …)

$ openssl req -x509 -new -nodes -key server.key -sha256 -days 365 -out server.pem

3) Create a PKCS12 key store from private key and certificate

$ openssl pkcs12 -export -name server.cer -in server.pem -inkey server.key -out server.p12

openssl – part 2

Usually when you get an SSL certificate, you receive multiple cert files, which can be confusing.

They mostly contain:

  1. CA (Certificate Authority)
  2. Trusted Chain
  3. Organizer
  4. domain cer (your main certificate file with your domain name on it)
  5. domain private key (your private key, which you created when you were requesting SSL)

If you want to combine all of these certificates into a so-called certificate bundle or store, first concatenate the root certificate authority (CA) file with chain 1 (Trusted Chain) and chain 2 (Organizer).

$ cat chain1 chain2 root > bundle.cer

Then you can verify it with

$ openssl verify -verbose -purpose sslserver -CAfile bundle.cer domain.cer

Now create a key store (PKCS12) from the bundle and private key

$ openssl pkcs12 -export -out domain.pfx -inkey private.key -in domain.cer -certfile bundle.cer
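The part 2 steps as one script, added here as an example and not taken from the original post: it refuses to build the key store unless the private key matches the certificate and the certificate verifies against the bundle. It assumes a single intermediate (chain1) instead of two; the function names, the demo PKI, the `other.key` file and the password are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Every name and password used here is constructed for the demo.

# Build a throwaway PKI in directory $1: root -> chain1 -> domain.cer.
make_demo_pki() (
  set -e; cd "$1"
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext   # marks a cert as a CA
  for n in root chain1 private other; do              # other.key: unrelated key
    openssl genrsa -out "$n.key" 2048 2>/dev/null
    openssl req -new -key "$n.key" -subj "/CN=demo-$n" -out "$n.csr"
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 1 -out root 2>/dev/null
  openssl x509 -req -in chain1.csr -CA root -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 1 -out chain1 2>/dev/null
  openssl x509 -req -in private.csr -CA chain1 -CAkey chain1.key \
    -CAcreateserial -days 1 -out domain.cer 2>/dev/null
  cat chain1 root > bundle.cer                        # intermediate first, root last
)

# True only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
  _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Args: key cert bundle out.pfx password. Returns 2 on a key mismatch and
# 3 if the chain does not verify; otherwise writes the PKCS12 file.
# pass: keeps the demo non-interactive; omit -passout to be prompted instead.
export_checked_p12() {
  key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; return 2; }
  openssl verify -purpose sslserver -CAfile "$3" "$2" >/dev/null 2>&1 ||
    { echo "$2 does not chain to $3" >&2; return 3; }
  openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" -certfile "$3" \
    -passout "pass:$5"
}

# Number of certificates stored in PKCS12 file $1 (password $2).
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}
```

Call `make_demo_pki` on an empty directory, then `export_checked_p12` with the files it created; `p12_cert_count` shows that the resulting key store carries the leaf certificate plus every certificate from the bundle.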