Registrants & Certificates

• Registrant's email address

• Registrant's phone number

• When was the domain created?

• What is the exact organization name?

• What city is listed in the registrant's address?

• What email service is using?

• Check A records for the

Generate a TLS Certificate

With the CA private key already

1. Verify Client Certificate Requirements:

openssl s_client -connect 10.10.10.131:443

1. Generate the client's private key:

openssl genrsa -out client.key 4096

1. Create a certificate signing request (CSR) , ensure the fields match the server's expectations:

openssl req -new -key client.key -out client.req

1. Sign the CSR with the CA’s private key to issue a client certificate :

openssl x509 -req -in client.req -CA lacasadepapel-htb.pem -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer

1. Convert the private key and certificate into a PKCS#12 (.p12) format file for easy import:

openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12