how do i create a regular certificate with client authentication bits set

how do i create a regular certificate with client authentication bits set
cbruneAsked:
Who is Participating?
 
Henk van AchterbergSr. Technical ConsultantCommented:
http://techlx.blogspot.nl/2010/05/how-to-create-self-signed-ssl-client.html

Here's how to create a self-signed SSL client certificate with openssl on the command line.
First we have to create the private key:
openssl genrsa -out client.key 2048
Now we can create certificate request. Enter all the distinguished name information required to create a certificate request using the following command:

openssl req -key client.key -new -out client.req


OpenSSL commands expect to receive a file named: client.cnf. This file stores information that help generate extension fields to the certificate. You must create the client.cnf file with the following information:

[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

Create a certificate request into a self signed certificate using extensions for the client certifiacte:
openssl x509 -req -days 365 -in client.req -signkey client.key -out client.crt -extfile client.cnf -extensions ssl_client
Verify the certificate:
openssl x509 -text -noout -in client.crt
As you can see the SSL extensions are now part of the certificate:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.