Registrants & Certificates
Generate a TLS
Certificate
With the CA private key already
With the CA private key already
Verify Client Certificate Requirements:
openssl s_client -connect 10.10.10.131:443
Generate the client's private key:
openssl genrsa -out client.key 4096
Create a
certificate signing request (CSR)
, ensure the fields match the server's expectations:
openssl req -new -key client.key -out client.req
Sign the
CSR
with theCA’s private key
to issue aclient certificate
:
openssl x509 -req -in client.req -CA lacasadepapel-htb.pem -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer
Convert the private key and certificate into a
PKCS#12 (.p12)
format file for easy import:
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
Last updated