Download Windows Version of OpenSSL From
http://sourceforge.net/projects/gnuwin32/files/openssl/0.9.8h-1/openssl-0.9.8h-1-setup.exe/download?use_mirror=nchc
For Linux Open SSL use following path:
http://www.openssl.org/source/
1) Install Open SSL
2) After installation browse to OpenSSL location path (In windows C:\Program Files (x86)\GnuWin32\bin)
3) Open same path in Command Prompt.
4) Generate RSA Private Key using following command.
cmd> openssl genrsa -out iamidm.key 4096 -des3
Following Output should appear after running the command:
Loading 'screen' into random state - done Generating RSA private key, 4096 bit long modulus
...++
......................................................................................................++e is 65537 (0x10001)
Key should get created with the name iamidm.key in the location where you are running command.
5) Generate Root Certificate using following Command:
cmd>openssl req -new -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -x509 -days 365 -key iamidm.key -out iamidm.crt
OUTPUT:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:ANDHRA
Locality Name (eg, city) []:HYDERABAD
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IAMIDM
Organizational Unit Name (eg, section) []:IAM
Common Name (eg, YOUR name) []:RAVITEJA
Email Address []:CHINNIRAVIEJA@GMAIL.COM
Certificate will be generated with 1 year validity(as we have given 365 days) and with the name iamidm.crt
6) Create Subordinate CA that is used for signature.
Generate another RSA Key.
cmd>openssl genrsa -out iamidm_sub.key 4096 -des3
output:
Loading 'screen' into random state - done
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................++
.............................++
e is 65537 (0x10001)
Check output file that would have generate with the name iamidm_sub.key
Generate another certificate using above key :
cmd> openssl req -new -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -key iamidm_sub.key -out iamidm_sub.csr
7) Generate Certificate now:
cmd>openssl x509 -req -days 365 -in iamidm_sub.csr -CA iamidm.crt -CAkey iamidm.key -set_serial 01 -out server.crt
OUTPUT:
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=ANDHRA/L=HYD/O=IAMIDM_SUB/OU=IAM/CN=RAVI/emailAddress=CHINNIRAV
ITEJA@GMAIL.COM
Getting CA Private Key
Now server.crt should get generated.
Package the keys and certs in a pkcs12 file
cmd>openssl pkcs12 -export -out iamidm_sub.p12 inkey iamidm_sub.key -in server.crt -chain -CAfile iamidm.crt
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
iamidm_sub.p12 will get generated.
Thanks !!
http://sourceforge.net/projects/gnuwin32/files/openssl/0.9.8h-1/openssl-0.9.8h-1-setup.exe/download?use_mirror=nchc
For Linux Open SSL use following path:
http://www.openssl.org/source/
1) Install Open SSL
2) After installation browse to OpenSSL location path (In windows C:\Program Files (x86)\GnuWin32\bin)
3) Open same path in Command Prompt.
4) Generate RSA Private Key using following command.
cmd> openssl genrsa -out iamidm.key 4096 -des3
Following Output should appear after running the command:
Loading 'screen' into random state - done Generating RSA private key, 4096 bit long modulus
...++
......................................................................................................++e is 65537 (0x10001)
Key should get created with the name iamidm.key in the location where you are running command.
5) Generate Root Certificate using following Command:
cmd>openssl req -new -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -x509 -days 365 -key iamidm.key -out iamidm.crt
OUTPUT:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:ANDHRA
Locality Name (eg, city) []:HYDERABAD
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IAMIDM
Organizational Unit Name (eg, section) []:IAM
Common Name (eg, YOUR name) []:RAVITEJA
Email Address []:CHINNIRAVIEJA@GMAIL.COM
Certificate will be generated with 1 year validity(as we have given 365 days) and with the name iamidm.crt
6) Create Subordinate CA that is used for signature.
Generate another RSA Key.
cmd>openssl genrsa -out iamidm_sub.key 4096 -des3
output:
Loading 'screen' into random state - done
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................++
.............................++
e is 65537 (0x10001)
Check output file that would have generate with the name iamidm_sub.key
Generate another certificate using above key :
cmd> openssl req -new -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -key iamidm_sub.key -out iamidm_sub.csr
7) Generate Certificate now:
cmd>openssl x509 -req -days 365 -in iamidm_sub.csr -CA iamidm.crt -CAkey iamidm.key -set_serial 01 -out server.crt
OUTPUT:
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=ANDHRA/L=HYD/O=IAMIDM_SUB/OU=IAM/CN=RAVI/emailAddress=CHINNIRAV
ITEJA@GMAIL.COM
Getting CA Private Key
Now server.crt should get generated.
Package the keys and certs in a pkcs12 file
cmd>openssl pkcs12 -export -out iamidm_sub.p12 inkey iamidm_sub.key -in server.crt -chain -CAfile iamidm.crt
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
iamidm_sub.p12 will get generated.
Thanks !!
Hey its too gud...:-)
ReplyDelete