Created
June 6, 2020 08:46
-
-
Save baradhili/542c9b35041bdb95177473e7637506e0 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Since cacert.org's browser based client cert generator is broken - this is what I went through to manually do it.. | |
| Assuming you have openssl installed on your machine | |
| Creating your private key | |
| ``openssl genrsa -out client.key.pem 4096`` | |
| Creating a csr | |
| ``openssl req -new -key client.key.pem -out client.csr`` | |
| It will ask you a bunch of x509 information - you need your actual name in the OU and your cacert email in the email field | |
| Now login into cacert.org and select ``client certificate/new`` select advanced and past the contents of your client.csr into the csr field | |
| This will sit for a bit and then give you the option of downloading keys.. download the pem format key - we'll call it here email.crt | |
| Your browser has no idea about any of this yet since it can't see your private key file - so we'll bundle that into a pkcs12 file for importing to your browser | |
| Bundling private key and signed cert into a pkcs12 file for your browser | |
| ``openssl pkcs12 -export -out client.pfx -inkey client.key.pem -in email.crt`` | |
| Now go to your browsers certificate config and click import it should work from tehre |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment