Registrants & Certificates

Generate a TLS Certificate

With the CA private key already

  1. Verify Client Certificate Requirements:

openssl s_client -connect 10.10.10.131:443
  1. Generate the client's private key:

openssl genrsa -out client.key 4096
  1. Create a certificate signing request (CSR) , ensure the fields match the server's expectations:

openssl req -new -key client.key -out client.req
  1. Sign the CSR with the CA’s private key to issue a client certificate :

openssl x509 -req -in client.req -CA lacasadepapel-htb.pem -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer
  1. Convert the private key and certificate into a PKCS#12 (.p12) format file for easy import:

openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12

Last updated