Как сгенерировать сертификаты


Цель: Я хочу создать главный сертификат – root. И от него создать еще 4 сертификата.


#  mkdir /root/ca

# cd /root/ca

# mkdir certs crl newcerts private

# chmod 700 private

# touch index.txt

# echo 1000 > serial

1. Создадим ключ для главного сертификата.

#  openssl genrsa -aes256 -out private/ca.key.pem 4096

2. Создадим главный сертификат используя ключ (1).

#  openssl req -config openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

[Enter pass phrase for private/ca.key.pem:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.


Country Name (2 letter code) [GB]:RU

State or Province Name [England]:Russia

Locality Name []:

Organization Name [Alice Ltd]:android-studio.ru

Organizational Unit Name []:android-studio.ru certificate authority

Common Name []:android-studio.ru Root CA

Email Address []:


Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: