Create a certificate

This procedure allows you to create a certificate.

In this procedure you use the openssl tool to perform the certificate creation tasks.

  1. Create the certificate serial file:
    $ echo 01 > MyCA.srl

    This command creates a serial file with an initial HEX value 01. OpenSSL uses this file to track the serial numbers of certificates it creates. The serial file is typically given the same name as the CA with the extension .srl.

  2. Create a CSR (Certificate Signing Request):
    $ openssl req -new -out MyCert.csr
    This command creates a privkey.pem file containing the RSA private key of that certificate and protected by a password.
  3. Remove the private key password (Optional):
    $ openssl rsa -in privkey.pem -out MyCert.pem
  4. Create a certificate from the Certificate Signing Request and trusted by the Certificate Authority:
    $ openssl x509 -in MyCert.csr -out MyCert.crt -req -signkey MyCert.pem
     -CA MyCA.crt -CAkey MyCA.pem -days 365
    Note: If you want an official Certificate, you must send the CSR file to one of the self-established Certificate Authority companies on the Internet (instead of creating it with openssl).