Filter
Top Products
C H A P T E R 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
3-20
Creating a Client CA Certificate using
OpenSSL§
NOTE: To acquire a
copy of OpenSSL§ for
your environment, access
the OpenSSL§ Web site at
www.openssl.org
There are software packages available that handle the details of client
certificate generation, however, you can implement them manually.
The following example illustrates the appropriate steps using
OpenSSL§:
1. Generate the key pair for the client CA:
openssl genrsa -out ca_key.pem 1024
2. Generate the client CA certificate:
openssl req -new -x509 -config intel.cnf -key
ca_key.pem -days 365 -out ca_cert.pem
NOTE: In this example,
ca_cert.pem is your
trusted CA and signing
certificate
3. Using the import client_ca command, import ca_cert.pem
For each client:
1. Generate a key pair:
openssl genrsa -out key.pem 1024
2. Generate a certificate signing request:
openssl req -new -config intel.cnf -days 365
-key key.pem -out csr.pem
3. Sign the client certificate signing request with the client CA
certificate:
openssl x509 -req -CAcreateserial -CAkey
ca_key.pem -CA ca_cert.pem -days 365 -in csr.pem
-out cert.pem
4. Convert from PEM to PKCS12 format in signed certificate form:
openssl pkcs12 -export -in cert.pem -inkey
key.pem -name "<
Client ID
>" -out cert.p12
5. Import the output file from step 4, cert.p12, the signed certificate,
into the client browser.