Creating a certificate with OpenSSL
- If necessary, download and install Open SSL. Make sure that the openssl.cnf file is located in the BIN folder for OpenSSL.
- Using a command prompt (CMD), navigate to the BIN folder.
In this example, the command is:
- Generate an RSA key with the following command:
openssl genrsa -aes256 -out fgcaprivkey.pem 2048 -config openssl cnf
This RSA key uses AES-256 encryption and a 2048-bit key.
- When prompted, enter a passphrase for encrypting the private key.
Use the following command to launch OpenSSL, submit a new certificate request, and sign the request:
openssl req -new -x509 -days 3650 -extensions v3_ca -key fgcaprivkey.pem -out fgcacert.pem -config openssl.cnf
The result is a standard x509 binary certificate that’s valid for 3650 days (approximately 10 years).
- When prompted, re-enter the passphrase for encryption, then enter the details required for the certificate request, such as location and organization name.
Two new files are created: a public certificate (fgcacert.pem) and a private key (fgcaprivkey.pem).