nejtr0n

Openssl examples

Sep 28th, 2018
  1. Example scripts to create certificate chain with OpenSSL
  2. I developed some example scripts that create certificates and keys with OpenSSL. They were tested on OpenSSL 1.1.0.
  3.  
  4.  
  5.  
  6. Important: the self-signed certificates must be used only for internal and development purposes.
  7.  
  8.  
  9.  
  10. Below you can find scripts to create:
  11.  
  12. CA certificate
  13. Intermediary CA Certificate
  14. Server Certificate (signed by CA)
  15. Server Certificate (signed by Intermediary CA)
  16. Client Certificate (signed by CA)
  17. Client Certificate (signed by Intermediary CA)
  18.  
  19.  
  20.  
  21.  
  22.  
  23.  
  24. Script Openssl Certificate
  25.  
  26.  
  27.  
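  # Generate the root CA certificate (self-signed).
  #
  # Outputs: CA.key (private key), CA.csr (request), CA.ext (extension file),
  #          CA.pem (self-signed certificate, valid 3650 days).

  # Generate the CA private key. The key is written unencrypted, so create it
  # under a restrictive umask instead of relying on openssl's default file
  # mode; the subshell keeps the umask change local to this command.
  # NOTE(review): the 2048-bit size is kept from the original; consider a
  # larger key for a CA that is meant to live 10 years.
  (umask 077 && openssl genrsa -out CA.key 2048)

  # Generate the CA CSR.
  openssl req -new -sha256 -key CA.key -out CA.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA CERTIFICATE"

  # Extensions for the CA certificate. Without -extfile, `openssl x509 -req`
  # issues a certificate with no extensions at all, so nothing in it says
  # "this is a CA" or limits what the key may be used for.
  printf '%s\n' \
    'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > CA.ext

  # Generate the self-signed CA certificate (10 years).
  openssl x509 -req -in CA.csr -signkey CA.key -extfile CA.ext \
    -days 3650 -sha256 -out CA.pem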
  47.  
  48.  
  49.  
  50. #--------------------------------------------------------------------------------------
  51.  
  52.  
  53.  
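  # Generate the intermediary CA certificate, signed by the root CA.
  #
  # Requires: CA.pem and CA.key from the root CA section.
  # Outputs:  CA_Intermediary.key, CA_Intermediary.csr, CA_Intermediary.ext,
  #           CA_Intermediary.crt (valid 3650 days); CA.srl is created by
  #           -CAcreateserial if it does not exist yet.

  # Generate the private key. It is written unencrypted, so create it under a
  # restrictive umask; the subshell keeps the umask change local.
  (umask 077 && openssl genrsa -out CA_Intermediary.key 2048)

  # Create the intermediary CA CSR.
  openssl req -new -sha256 -key CA_Intermediary.key -out CA_Intermediary.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA INTERMEDIARY CERTIFICATE"

  # Extensions for the intermediary. A certificate issued without
  # basicConstraints CA:TRUE is not a valid issuer, so chains built through it
  # fail verification. pathlen:0 restricts it to signing end-entity
  # certificates, which is all this page uses it for.
  printf '%s\n' \
    'basicConstraints=critical,CA:TRUE,pathlen:0' \
    'keyUsage=critical,keyCertSign,cRLSign' > CA_Intermediary.ext

  # Generate the intermediary CA certificate (10 years), signed by the root CA.
  openssl x509 -req -in CA_Intermediary.csr \
    -CA CA.pem -CAkey CA.key -CAcreateserial \
    -extfile CA_Intermediary.ext \
    -out CA_Intermediary.crt -days 3650 -sha256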
  73.  
  74.  
  75.  
  76. #--------------------------------------------------------------------------------------
  77.  
  78.  
  79.  
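  # Generate a server certificate signed directly by the root CA.
  #
  # Requires: CA.pem and CA.key from the root CA section.
  # Outputs:  ServerCert_signedByCA.key, .csr, .ext and .crt.

  # Generate the private key. It is written unencrypted, so create it under a
  # restrictive umask; the subshell keeps the umask change local.
  (umask 077 && openssl genrsa -out ServerCert_signedByCA.key 2048)

  # Create the server CSR. -subj only sets fields of the subject name; putting
  # "subjectAltName=..." there does not produce a SAN extension, so the names
  # are supplied through the extension file below instead.
  openssl req -new -sha256 -key ServerCert_signedByCA.key \
    -out ServerCert_signedByCA.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=axway.lab"

  # Extensions for the server certificate. `openssl x509 -req` adds no
  # extensions unless -extfile is given. Replace your-alt-name with the real
  # additional host name.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:axway.lab,DNS:your-alt-name' > ServerCert_signedByCA.ext

  # Generate the server certificate.
  # NOTE(review): 3650 days is kept from the original; some TLS clients reject
  # server certificates with long validity periods, so shorten -days if those
  # clients must connect.
  openssl x509 -req -in ServerCert_signedByCA.csr \
    -CA CA.pem -CAkey CA.key -CAcreateserial \
    -extfile ServerCert_signedByCA.ext \
    -out ServerCert_signedByCA.crt -days 3650 -sha256

  # View the certificate; check that "X509v3 Subject Alternative Name" lists
  # the expected host names.
  openssl x509 -text -noout -in ServerCert_signedByCA.crt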
  105.  
  106.  
  107.  
  108.  
  109.  
  110. #--------------------------------------------------------------------------------------
  111.  
  112.  
  113.  
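  # Generate a server certificate signed by the intermediary CA.
  #
  # Requires: CA_Intermediary.crt and CA_Intermediary.key from the intermediary
  #           CA section. The issuing certificate must carry
  #           basicConstraints CA:TRUE for the resulting chain to verify.
  # Outputs:  ServerCert_signedByCAIntermediary.key, .csr, .ext and .crt;
  #           CA_Intermediary.srl is created by -CAcreateserial if missing.

  # Generate the private key. It is written unencrypted, so create it under a
  # restrictive umask; the subshell keeps the umask change local.
  (umask 077 && openssl genrsa -out ServerCert_signedByCAIntermediary.key 2048)

  # Create the server CSR. -subj only sets fields of the subject name; putting
  # "subjectAltName=..." there does not produce a SAN extension, so the names
  # are supplied through the extension file below instead.
  openssl req -new -sha256 -key ServerCert_signedByCAIntermediary.key \
    -out ServerCert_signedByCAIntermediary.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=localhost"

  # Extensions for the server certificate. Replace your-alt-name with the real
  # additional host name.
  # NOTE(review): CN is localhost but the SAN list does not contain it; host
  # name verification uses the SAN entries when they are present, so add
  # DNS:localhost here if the server is reached under that name.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:axway.lab,DNS:your-alt-name' \
    > ServerCert_signedByCAIntermediary.ext

  # Generate the server certificate. The original signed this with CA.pem and
  # CA.key, i.e. the root CA, which contradicts the purpose of this section;
  # sign with the intermediary CA instead.
  # NOTE(review): 3650 days is kept from the original; some TLS clients reject
  # server certificates with long validity periods.
  openssl x509 -req -in ServerCert_signedByCAIntermediary.csr \
    -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial \
    -extfile ServerCert_signedByCAIntermediary.ext \
    -out ServerCert_signedByCAIntermediary.crt -days 3650 -sha256

  # View the certificate; the Issuer line should name the intermediary CA.
  # To check the whole chain:
  #   openssl verify -CAfile CA.pem -untrusted CA_Intermediary.crt \
  #     ServerCert_signedByCAIntermediary.crt
  openssl x509 -text -noout -in ServerCert_signedByCAIntermediary.crt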
  139.  
  140.  
  141.  
  142.  
  143.  
  144. #--------------------------------------------------------------------------------------
  145.  
  146.  
  147.  
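  # Generate a client certificate signed directly by the root CA.
  #
  # Requires: CA.pem and CA.key from the root CA section.
  # Outputs:  ClientCert_signedByCA.key, .csr, .ext and .crt.

  # Generate the private key. It is written unencrypted, so create it under a
  # restrictive umask; the subshell keeps the umask change local.
  (umask 077 && openssl genrsa -out ClientCert_signedByCA.key 2048)

  # Create the client CSR.
  openssl req -new -sha256 -key ClientCert_signedByCA.key \
    -out ClientCert_signedByCA.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=client"

  # Extensions for the client certificate. `openssl x509 -req` adds no
  # extensions unless -extfile is given; these mark the certificate as an
  # end-entity certificate intended for TLS client authentication only.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=critical,digitalSignature' \
    'extendedKeyUsage=clientAuth' > ClientCert_signedByCA.ext

  # Generate the client certificate.
  # NOTE(review): 3650 days is kept from the original; a shorter lifetime
  # limits how long a leaked client key stays usable.
  openssl x509 -req -in ClientCert_signedByCA.csr \
    -CA CA.pem -CAkey CA.key -CAcreateserial \
    -extfile ClientCert_signedByCA.ext \
    -out ClientCert_signedByCA.crt -days 3650 -sha256

  # View the certificate.
  openssl x509 -text -noout -in ClientCert_signedByCA.crt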
  173.  
  174.  
  175.  
  176.  
  177.  
  178.  
  179.  
  180.  
  181.  
  182. #--------------------------------------------------------------------------------------
  183.  
  184.  
  185.  
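  # Generate a client certificate signed by the intermediary CA.
  #
  # Requires: CA_Intermediary.crt and CA_Intermediary.key from the intermediary
  #           CA section. The issuing certificate must carry
  #           basicConstraints CA:TRUE for the resulting chain to verify.
  # Outputs:  ClientCert_signedByCAIntermediary.key, .csr, .ext and .crt;
  #           CA_Intermediary.srl is created by -CAcreateserial if missing.

  # Generate the private key. It is written unencrypted, so create it under a
  # restrictive umask; the subshell keeps the umask change local.
  (umask 077 && openssl genrsa -out ClientCert_signedByCAIntermediary.key 2048)

  # Create the client CSR.
  openssl req -new -sha256 -key ClientCert_signedByCAIntermediary.key \
    -out ClientCert_signedByCAIntermediary.csr \
    -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=clientCA_Intermediary"

  # Extensions for the client certificate. `openssl x509 -req` adds no
  # extensions unless -extfile is given; these mark the certificate as an
  # end-entity certificate intended for TLS client authentication only.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=critical,digitalSignature' \
    'extendedKeyUsage=clientAuth' > ClientCert_signedByCAIntermediary.ext

  # Generate the client certificate, signed by the intermediary CA.
  # NOTE(review): 3650 days is kept from the original; a shorter lifetime
  # limits how long a leaked client key stays usable.
  openssl x509 -req -in ClientCert_signedByCAIntermediary.csr \
    -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial \
    -extfile ClientCert_signedByCAIntermediary.ext \
    -out ClientCert_signedByCAIntermediary.crt -days 3650 -sha256

  # View the certificate; the Issuer line should name the intermediary CA.
  openssl x509 -text -noout -in ClientCert_signedByCAIntermediary.crt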