Using OpenSSL

    Generating Client/Server certificates with a local CA
    Using these certificate/key pairs with nettest

page maintained by Joshua Boverhof (JRBoverhof@lbl.gov)
 
 

****************************************************************************
Generating Client/Server certificates with a local CA
*Make sure openssl points to the correct installation (%which openssl).  Mine is aliased to /usr/local/openssl/bin/openssl

Generate a CA
1)    openssl req -out ca.pem -new -x509
        -generates CA file "ca.pem" and CA key "privkey.pem"

Generate server certificate/key pair
        - no password required.
2)    openssl genrsa -out server.key 1024
3)    openssl req -key server.key -new -out server.req
4)    openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
        -contents of "file.srl" are a two-digit number, e.g. "00"

Generate client certificate/key pair

5)    Choose whether to encrypt the key (a) or not (b)
        a. Encrypt the client key with a passphrase
            openssl genrsa -des3 -out client.key 1024
        b. Don't encrypt the client key
            openssl genrsa -out client.key 1024
6)    openssl req -key client.key -new -out client.req
7)    openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out client.pem
        -contents of "file.srl" are a two-digit number, e.g. "00"

8)    DONE
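
Added example (not part of the original page): steps 1-7 run without prompts, followed by a check that each certificate verifies against ca.pem and belongs to its private key. The function names, subject names, 30-day lifetime, unencrypted CA key (-nodes) and 2048-bit key size (the page uses 1024) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Subject names, the 30-day
# lifetime and the 2048-bit key size are assumptions of this example.

# make_pki DIR: run steps 1-7 (option 5b) without prompts inside DIR.
make_pki() (
    mkdir -p "$1" || exit 1
    cd "$1" || exit 1
    umask 077                      # private keys readable by owner only
    # Step 1: self-signed CA. -nodes leaves privkey.pem unencrypted so the
    # script can run unattended; the page's step 1 prompts for a passphrase.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj "/O=Example/CN=Example Local CA" \
        -keyout privkey.pem -out ca.pem || exit 1
    echo 00 > file.srl             # serial file, as described on the page
    for role in server client; do
        # Steps 2-4 and 5b-7: key, request, certificate signed by the CA.
        openssl genrsa -out "$role.key" 2048 || exit 1
        openssl req -new -key "$role.key" -out "$role.req" \
            -subj "/O=Example/CN=$role.example" || exit 1
        openssl x509 -req -in "$role.req" -days 30 \
            -CA ca.pem -CAkey privkey.pem -CAserial file.srl \
            -out "$role.pem" || exit 1
    done
)

# verify_pair CA CERT KEY: succeed only if CERT chains to CA and KEY is the
# private key for the public key in CERT (KEY must be unencrypted).
verify_pair() {
    # OpenSSL 1.1.0 and later exit non-zero when verification fails.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    # Compare digests of the public key taken from each file.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$3" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh make_pki.sh OUTPUT_DIR
if [ "$#" -gt 0 ]; then
    make_pki "$1" || exit 1
    for role in server client; do
        verify_pair "$1/ca.pem" "$1/$role.pem" "$1/$role.key" \
            || { echo "$role: FAILED"; exit 1; }
        echo "$role: OK"
    done
fi
```

Running verify_pair before copying files into nettest/release/ catches a certificate signed by the wrong CA or paired with the wrong key.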

****************************************************************************
Using these certificate/key pairs with nettest

   *Note: nettest compares the fields you entered when you generated
       the certificates against an ACL file.  This comparison determines
       whether you have read/write/execute permissions for testing purposes.
       (sample ACL file for nettest)

1)    Copy server.pem to nettest/release/ as nettest.pem
        -%cp  ./server.pem  ~/nettest/release/nettest.pem

2)    Copy server.key to nettest/release/ as key.pem
        -%cp  ./server.key   ~/nettest/release/key.pem

3)    Copy client.pem and client.key files to nettest/release/

4)    Copy "ca.pem" to nettest/release/CA.pem
          -%cp ./ca.pem ~/nettest/release/CA.pem

        OR append contents of "ca.pem" to nettest/release/CA.pem
 

****************************************************************************