notes/divers/tiny_root_CA_01.md
2026-03-12 22:01:38 +01:00


Based on the article https://www.baeldung.com/openssl-self-signed-cert

Build a homemade root CA

mkdir -p /app/CA
cd /app/CA

Create rootCA private key:

openssl genrsa -des3 -out rootCA.key 4096

Create rootCA certificate:

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 7300 -out rootCA.pem

Generate a root-CA-signed certificate for a client

Client private key:

openssl genrsa -out raxus.swgalaxy.key 2048

Client certificate signing request (CSR):

openssl req -new -key raxus.swgalaxy.key -out raxus.swgalaxy.csr

The root CA creates a signed certificate from the certificate signing request:

openssl x509 -req -CA rootCA.pem -CAkey rootCA.key -in raxus.swgalaxy.csr -out raxus.swgalaxy.crt -days 365 -CAcreateserial

Optionally create the full chain:

cat raxus.swgalaxy.crt rootCA.pem > raxus.swgalaxy.fullchain.crt

Optionally create an export to be imported into an Oracle wallet:

openssl pkcs12 -export \
	-in raxus.swgalaxy.crt \
	-inkey raxus.swgalaxy.key \
	-certfile rootCA.pem \
	-out raxus.swgalaxy.p12
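
The signing step above issues a certificate without a subjectAltName, because `openssl x509 -req` does not copy extensions from the CSR by default. The script below is an added example, not part of the original notes: it replays the same flow non-interactively in a temporary directory, supplies the SAN through an extension file, and then checks the result. The file names `demo.cnf` and `san.ext`, the "Demo Root CA" subject, and the unencrypted 2048-bit demo CA key are assumptions made so that it runs without prompts.

```shell
#!/usr/bin/env bash
# Added example: the CA flow from the notes, replayed in a throwaway directory.
# Assumptions (not from the notes): demo.cnf, san.ext, the "Demo Root CA" name,
# and an unencrypted 2048-bit demo CA key so that nothing prompts for input.

issue_and_verify() {
    host="$1"
    work=$(mktemp -d) || return 1
    (
        cd "$work" &&
        # Minimal config so the result does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
            'prompt=no' '[dn]' 'CN=Demo Root CA' '[v3_ca]' \
            'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > demo.cnf &&
        # Root CA key and self-signed certificate.
        openssl genrsa -out rootCA.key 2048 2>/dev/null &&
        openssl req -x509 -new -config demo.cnf -key rootCA.key -sha256 \
            -days 30 -out rootCA.pem &&
        # Client key and CSR; -subj overrides the DN taken from demo.cnf.
        openssl genrsa -out "$host.key" 2048 2>/dev/null &&
        openssl req -new -config demo.cnf -key "$host.key" \
            -subj "/CN=$host" -out "$host.csr" &&
        # Extensions for the issued certificate come from this file, not the CSR.
        printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" \
            > san.ext &&
        openssl x509 -req -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
            -in "$host.csr" -out "$host.crt" -days 365 -sha256 \
            -extfile san.ext 2>/dev/null &&
        # Check 1: the certificate chains to the demo root.
        openssl verify -CAfile rootCA.pem "$host.crt" >/dev/null &&
        # Check 2: the SAN made it into the issued certificate.
        openssl x509 -in "$host.crt" -noout -text | grep -q "DNS:$host"
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Call it as `issue_and_verify raxus.swgalaxy`; a zero exit status means both checks passed.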