Quickly generate TLS client cert (self-signed)
Summary
Just like my recent post with a 1-liner for TLS cert creation, this is simply for me to copy/paste later.
Client cert creation for mTLS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Create the CA key and cert
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt -subj "/CN=MyRootCA"
# Create the Client Certificate:
## Generate the client private key.
openssl genrsa -out client.key 2048
## Create the client CSR
openssl req -new -key client.key -out client.csr -subj "/CN=myclient"
## Sign the client CSR
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256
# Verify the client certificate.
openssl verify -CAfile ca.crt client.crt
To configure with .cnf files
Here’s a nice little demo bash script I became aware of after running the commands. Use this if you want to configure things like Common Names and other attributes in config files.