Creating self-signed server / client certificates
The following steps show how to create self-signed certificates:
For more detailed information, please check here
This step is optional, but it is easier to pass the information to openssl in a file than to enter it each time.
I tried to create a simple example here
You can check the file format here
openssl req -new -x509 -config cert-authority.cnf -keyout cert-authority-key.pem -out cert-authority-crt.pem
Output: cert-authority-key.pem, cert-authority-crt.pem
openssl genrsa -out server-key.pem 4096
Output: server-key.pem
I tried to create a simple example here
openssl req -new -config server.cnf -key server-key.pem -out server-csr.pem
Output: server-csr.pem
openssl x509 -req -extfile server.cnf -passin "pass:12345" -in server-csr.pem -CA cert-authority-crt.pem -CAkey cert-authority-key.pem -CAcreateserial -out server-crt.pem
openssl genrsa -out client-key.pem 4096
Output: client-key.pem
I tried to create a simple example here
openssl req -new -config client.cnf -key client-key.pem -out client-csr.pem
Output: client-csr.pem
openssl x509 -req -extfile client.cnf -passin "pass:12345" -in client-csr.pem -CA cert-authority-crt.pem -CAkey cert-authority-key.pem -CAcreateserial -out client-crt.pem
You can verify the client certificate using the CA or server certificates as follows:
openssl verify -CAfile cert-authority-crt.pem client-crt.pem
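The steps above as one script, added here as an example that is not the author's code. The .cnf contents, the CN and SAN values, the 30-day lifetime and the function names make_pki and check_cert are assumptions, since the page's own config files are not shown. It passes the CA passphrase through an environment variable rather than "pass:12345" on the command line, and extends the verify step with a purpose check and a key/certificate match.

```shell
#!/bin/sh
# Constructed configs: CN values, SAN and the [ext] section name are assumptions.
write_cnf() {  # $1 = file, $2 = CN, $3 = extension lines
  cat > "$1" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $2
[ext]
$3
EOF
}

make_pki() (  # $1 = work dir, $2 = RSA bits (the page uses 4096); runs in a subshell
  set -e
  mkdir -p "$1"; cd "$1"; bits=${2:-4096}
  # Random CA passphrase handed over via the environment instead of argv.
  # It is discarded when the function returns, so this CA is throwaway.
  CA_PASS=$(openssl rand -hex 16); export CA_PASS
  write_cnf cert-authority.cnf "Example Test CA" "basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign"
  write_cnf server.cnf localhost "extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost"
  write_cnf client.cnf example-client "extendedKeyUsage = clientAuth"
  openssl req -new -x509 -newkey "rsa:$bits" -days 30 -config cert-authority.cnf \
    -extensions ext -passout env:CA_PASS \
    -keyout cert-authority-key.pem -out cert-authority-crt.pem 2>/dev/null
  for who in server client; do
    openssl genrsa -out "$who-key.pem" "$bits" 2>/dev/null
    openssl req -new -config "$who.cnf" -key "$who-key.pem" -out "$who-csr.pem"
    openssl x509 -req -days 30 -extfile "$who.cnf" -extensions ext \
      -passin env:CA_PASS -in "$who-csr.pem" -CA cert-authority-crt.pem \
      -CAkey cert-authority-key.pem -CAcreateserial -out "$who-crt.pem" 2>/dev/null
  done
)

check_cert() {  # $1 = dir, $2 = server|client, $3 = sslserver|sslclient
  crt="$1/$2-crt.pem"; key="$1/$2-key.pem"
  # 1. The chain must verify against the CA for the intended purpose.
  openssl verify -CAfile "$1/cert-authority-crt.pem" -purpose "$3" "$crt" \
    >/dev/null 2>&1 || return 1
  # 2. Certificate and private key must carry the same public key.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ]
}

# Usage: make_pki ./pki-demo; check_cert ./pki-demo server sslserver && echo "server OK"
```

check_cert returns non-zero when a certificate is presented for the wrong role (for example the client certificate checked with sslserver) or when the key file does not belong to the certificate.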
If you want to test using Node.js, please check here