Creating a certificate with OpenSSL
- If necessary, download and install Open SSL and ensure hat the openssl.cnf file is located in the BIN folder for OpenSSL.
- In the CLI, go to the BIN folder.
In this example, the command is:
- Generate an RSA key:
openssl genrsa -aes256 -out fgcaprivkey.pem 2048 -config openssl cnf
This RSA key uses AES-256 encryption and a 2048-bit key.
- When prompted, enter a passphrase for encrypting the private key.
Use the following command to launch OpenSSL, submit a new certificate request, and sign the request:
openssl req -new -x509 -days 3650 -extensions v3_ca -key fgcaprivkey.pem -out fgcacert.pem -config openssl.cnf
The result is a standard x509 binary certificate that’s valid for 3650 days (approximately 10 years).
- When prompted, re-enter the passphrase for encryption, then enter the details for the certificate request such as location and organization name.
Two files are created: a public certificate (fgcacert.pem) and a private key (fgcaprivkey.pem).