Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- --- CREATE SELF-SIGNED ECDSA CERTIFICATE WITH PRIVATE KEY INSIDE ----
- 1. Open openssl.exe.
- 2. If you haven't chosen a curve, you can list them with this command:
- ecparam -list_curves
- I picked sect571r1 for this example. Use this to generate an EC private key if you don't have one already:
- ECDSA 384 - brainpoolP384r1
- ECDSA 512 - sect571r1
- 3. Create private-key.pem
- ecparam -name brainpoolP512r1 -genkey -param_enc explicit -out private-key.pem
- ecparam -genkey -name secp521r1 -noout -out private-key.pem
- 3. Create certificate in certificate.pem.
- req -new -x509 -key private-key.pem -out certificate.pem -days 900000 -subj "/C=PL/ST=Silesia/L=Katowice/O=MyOrganization/CN=CommonName"
- 4. You can inspect the files in the console:
- ecparam -in private-key.pem -text -noout
- x509 -in certificate.pem -text -noout
- 5. Combine private key and certificate into a new certificate-private.pem file. Open up command line, move to the folder where your files exist.
- cat private-key.pem certificate.pem > certificate-private.pem
- 6. Create p12 / p7b / pfx certificate from certificate-private.pem.
- pkcs12 -export -inkey private-key.pem -in certificate-private.pem -out certificate-private.pfx
- pkcs12 -export -inkey private-key.pem -in certificate-private.pem -out certificate-private.p12
- pkcs12 -export -inkey private-key.pem -in certificate-private.pem -out certificate-private.p7b
- The pfx file's icon should be an opened letter with yellow key.
- --- IMPORT THE CERTIFICATE TO YOUR MACHINE (for Windows)----
- 7. Click "Start" and open mmc Microsoft Management Console as Administrator.
- 8. Choose File -> Add/remove snap-in.
- 9. Choose "Certificates" and "Add", Choose "Local machine".
- 10. Open "Personal" or "Trusted Root..." and choose "Certificates".
- 11. Right-click "Certificates" -> "All tasks" -> "Import" and choose the file.
- 12. The certificate should come up in the list and the icon should have a key.
- Double click to show details. In "General" tab you should see "You have a private key that corresponds to this certificate".
Add Comment
Please, Sign In to add comment