Solved

how do i create a regular certificate with client authentication bits set

Posted on 2014-03-17
1
483 Views
Last Modified: 2014-04-11
how do i create a regular certificate with client authentication bits set
0
Comment
Question by:cbrune
1 Comment
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39936116
http://techlx.blogspot.nl/2010/05/how-to-create-self-signed-ssl-client.html

Here's how to create a self-signed SSL client certificate with openssl on the command line.
First we have to create the private key:
openssl genrsa -out client.key 2048
Now we can create certificate request. Enter all the distinguished name information required to create a certificate request using the following command:

openssl req -key client.key -new -out client.req


OpenSSL commands expect to receive a file named: client.cnf. This file stores information that help generate extension fields to the certificate. You must create the client.cnf file with the following information:

[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

Create a certificate request into a self signed certificate using extensions for the client certifiacte:
openssl x509 -req -days 365 -in client.req -signkey client.key -out client.crt -extfile client.cnf -extensions ssl_client
Verify the certificate:
openssl x509 -text -noout -in client.crt
As you can see the SSL extensions are now part of the certificate:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now