...

Create self-signed Certificate using RSA
# Specify key name used for file names
key_name=signing

# Create Private Key and Certificate
# openssl req -sha256 -newkey rsa:4096 -keyout "${key_name}".key -passout pass:

# Create Certificate Signing Request (CSR)
openssl req -new -newkey rsa:4096 -sha256 -nodes \
    -config <(printf "\n[ req ]\nprompt=no\ndistinguished_name=standard dn\n\n[ standard dn]\ncountryName=DE\nstateOrProvinceName=Berlin\nlocalityName=Berlin\norganizationName=SOS\norganizationalUnitName=IT\ncommonName=${key_name}\n\n[ standard exts ]\nkeyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\nextendedKeyUsage=critical,codeSigning\n") \
    -keyout "${key_name}".key \
    -out "${key_name}".csr

# Create and sign Certificate
openssl x509 -req -days 5475 \
    -signkey "${key_name}".key \
    -in "${key_name}".csr \
    -out "${key_name}".crt \
    -extfile <(printf "keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment\nextendedKeyUsage=critical,codeSigning\n")

Explanation:

  • In the example the Private Key is created using the specified key size of 4096.
  • The Certificate is created with the optional -days argument, which specifies the validity period of the Certificate.
  • The <key_name>.key file will hold the Private Key.
  • The <key_name>.crt file will hold the self-signed Certificate.
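
Added example, not part of the original page: a POSIX shell check that a generated <key_name>.key / <key_name>.crt pair belongs together, is self-issued, carries the critical codeSigning usage, and that the unencrypted key written by -nodes is not readable by group or others. The helper names check_signing_cert and make_demo_pair, the temporary file names and the 2048-bit demo key are assumptions of this example.

```shell
#!/bin/sh
# Added example; helper names and the demo inputs are hypothetical, not from the page.

# Returns 0 only if the certificate and key pass all four checks.
check_signing_cert() {
    crt=$1; key=$2
    # 1. The public key in the certificate must be derived from the private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
    # 2. Self-issued: subject and issuer are the same name.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject=//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer=//')
    [ "$subj" = "$issr" ] || { echo "subject and issuer differ" >&2; return 1; }
    # 3. The -extfile extensions must have reached the certificate.
    text=$(openssl x509 -in "$crt" -noout -text) || return 2
    printf '%s\n' "$text" | grep -q 'Extended Key Usage: critical' \
        || { echo "extendedKeyUsage missing or not critical" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Code Signing' \
        || { echo "codeSigning usage missing" >&2; return 1; }
    # 4. -nodes leaves the key unencrypted, so file permissions are its only protection.
    if ! grep -q 'ENCRYPTED' "$key" &&
       [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "unencrypted key is readable by group or others" >&2; return 1
    fi
    return 0
}

# Builds a constructed demo pair with the page's two-step flow (CSR, then self-signing).
# Uses rsa:2048 and files instead of <(...) only to keep the demo fast and POSIX sh.
make_demo_pair() {
    dir=$1; name=$2
    printf '[ req ]\nprompt=no\ndistinguished_name=dn\n[ dn ]\ncommonName=%s\n' \
        "$name" > "$dir/req.cnf"
    printf '%s\n' 'keyUsage=critical,nonRepudiation,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=critical,codeSigning' > "$dir/ext.cnf"
    openssl req -new -newkey rsa:2048 -sha256 -nodes -config "$dir/req.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    chmod 600 "$dir/$name.key"
    openssl x509 -req -days 5475 -signkey "$dir/$name.key" -in "$dir/$name.csr" \
        -out "$dir/$name.crt" -extfile "$dir/ext.cnf" 2>/dev/null
}

# Usage: sh check.sh signing.crt signing.key
if [ "$#" -eq 2 ]; then check_signing_cert "$1" "$2"; fi
```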

...