Creating test certificates for 802.1x
Note: If you're using Windows with Git Bash, prefix all the commands with winpty to ensure openssl captures input correctly.
First, we will create our own Certificate Authority (CA). Initially, we will make a private key for the CA.
openssl genpkey -algorithm RSA -out ca.key -aes256
You will be asked to set a password for this key. Make sure to remember it, as it is required for the next steps.
Next, we will use the private key to create a new root certificate (CA certificate) which can be used to sign client certificates.
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt
You will be asked to provide details for the certificate like Country, State, etc.
Now, let's create the client's private key.
openssl genpkey -algorithm RSA -out mydomain.key
We will now create a certificate signing request (CSR) using the client's private key.
openssl req -new -key mydomain.key -out mydomain.csr
You will again be asked to provide the certificate details, as before.
Now we will use the CA to sign the client's CSR and get back the client certificate.
openssl x509 -req -in mydomain.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mydomain.crt -days 1024 -sha256
The client certificate (mydomain.crt) is now signed by the CA and can be used in client applications.
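Before loading the files into an 802.1x client or server, it is worth confirming that the certificate chains to the CA, matches the client key, and is not about to expire. The script below is an added example, not part of the original page: the function names check_cert and make_test_pki, the subject names and the passphrase are assumptions, and it reruns the commands above non-interactively (with -subj and -pass/-passin added) on constructed throwaway files.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Subject names and the
# passphrase below are placeholders; all files are constructed test data.

# check_cert CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 0 = OK, 1 = not signed by this CA, 2 = key does not match
# the certificate, 3 = certificate expires within 30 days.
check_cert() {
  local ca="$1" crt="$2" key="$3" cert_pub key_pub
  # 1. The client certificate must chain to the CA certificate.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
  # 2. The certificate must carry the public half of the private key.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || return 2
  # 3. The certificate must remain valid for at least 30 more days.
  openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) \
    >/dev/null || return 3
  return 0
}

# make_test_pki DIR: runs the page's five commands non-interactively
# (-subj and -pass/-passin are added here to avoid the prompts).
make_test_pki() {
  local d="$1" pw="pass:example-only"
  openssl genpkey -algorithm RSA -out "$d/ca.key" -aes256 -pass "$pw" 2>/dev/null
  openssl req -x509 -new -nodes -key "$d/ca.key" -passin "$pw" -sha256 \
    -days 1024 -subj "/CN=Test CA" -out "$d/ca.crt"
  openssl genpkey -algorithm RSA -out "$d/mydomain.key" 2>/dev/null
  openssl req -new -key "$d/mydomain.key" -subj "/CN=test-client" \
    -out "$d/mydomain.csr"
  openssl x509 -req -in "$d/mydomain.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -passin "$pw" -CAcreateserial -out "$d/mydomain.crt" -days 1024 \
    -sha256 2>/dev/null
}

# Demo: a correct set of files, then a private key from another client.
d=$(mktemp -d)
make_test_pki "$d"
check_cert "$d/ca.crt" "$d/mydomain.crt" "$d/mydomain.key"
echo "matching key -> $?"
openssl genpkey -algorithm RSA -out "$d/other.key" 2>/dev/null
check_cert "$d/ca.crt" "$d/mydomain.crt" "$d/other.key"
echo "unrelated key -> $?"
rm -rf "$d"
```

To check files you generated by hand, call check_cert ca.crt mydomain.crt mydomain.key and inspect the exit code.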