[Security] Open SSL - ramkumarant/reference GitHub Wiki

Generate your private key and public certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -subj "/C=IN/ST=TN/L=Chennai/O=Org-01/OU=Unit-01/CN=localhost" -out certificate.pem

Generate your private key and public certificate with SAN

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -config server_cert_ext.cnf

Content of server_cert_ext.cnf

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = IN
ST = Tamil Nadu
L = Chennai
O = Org-01
OU = Unit-01
CN = localhost

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.company.com
DNS.2 = company.net
IP.1 = 127.0.0.1
IP.2 = 192.168.43.104

Review the created certificate

openssl x509 -text -noout -in certificate.pem

Combine your key and certificate in a PKCS#12 (P12) bundle:

openssl pkcs12 -inkey key.pem -in certificate.pem -export  -out certificate.p12

Validate your P2 file.

openssl pkcs12 -in certificate.p12 -noout -info

Generate your private key, public key and public certificate

openssl req -newkey rsa:2048 -pubkey -nodes -keyout key.pem -x509 -days 365 -subj "/C=IN/ST=TN/L=Chennai/O=Self Organization/OU=Self/CN=localhost" -out certificate.pem

Generate your encrypted private key and public certificate

openssl req -newkey rsa:2048 -keyout key.pem -passin changeit -x509 -days 365 -subj "/C=IN/ST=TN/L=Chennai/O=Self Organization/OU=Self/CN=localhost" -out certificate.pem

Generate public certificate using your private key file

openssl req -newkey rsa:2048 -nodes -keyin key.pem -x509 -days 365 -subj "/C=IN/ST=TN/L=Chennai/O=Self Organization/OU=Self/CN=localhost" -out certificate.pem

Show certificates

openssl s_client -showcerts -connect anypoint.mulesoft.com:443