Skip to content

Instantly share code, notes, and snippets.

@malde

malde/gist:6550988

Forked from mtigas/gist:952344
Last active December 22, 2015 23:59
Show Gist options
  • Save malde/6550988 to your computer and use it in GitHub Desktop.
Save malde/6550988 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.md

Client-side SSL

For excessively paranoid client authentication.

Using self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create the Client Key and CSR

Organization & Common Name = Person name

openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
# self-signed
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Convert Client Key to PKCS

So that it may be installed in most browsers.

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

Convert Client Key to (combined) PEM

Combines client.crt and client.key into a single PEM file for programs using openssl.

openssl pkcs12 -in client.p12 -out client.pem -clcerts

Install Client Key on client device (OS or browser)

Use client.p12. Actual instructions vary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment