How to create my own certificate chain?
Problem
I would like to set up my own OCSP Responder for testing purposes, and this requires me to have a Root certificate with a few certificates generated from it. I've managed to create a self-signed certificate using , and I want to use it as the Root certificate. The next step would be to create the derived certificates, however, I can't seem to find the documentation on how to do this. Does anyone know where I can find this information?

Edit: In retrospect, my question is not yet completely answered, and to clarify the problem, I'll represent my certificate chain like this: Root > A > B > C > ...

I am currently able to create the Root and A certificates via the below, but I haven't found how to make a longer chain:

This command implicitly depends on the root certificate, for which it finds the required info within the OpenSSL configuration file, however, certificate B must only rely on A, which is not registered in the config file, so the previous command won't work here. What command s…
Error Output
    # Root certificate is created like this:
    openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
    openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
    # Certificate A is created like this:
    openssl genrsa -out client.key 1024
    openssl req -new -key client.k…
1 Fix
Fix for: How to create my own certificate chain?
You can use OpenSSL directly. Create a Certificate Authority private key (this is your most important key): Create your CA self-signed certificate: Issue a client certificate by first generating the key, then the request (or use one provided by an external system), then sign the certificate using the private key of your CA: (You may need to add some options, as I am using these commands together with my openssl.conf file. You may need to set up your own .conf file first.)
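The longer chain from the question (Root > A > B > C), as an added example that is not part of the original question or answer: each certificate is signed with `-CA`/`-CAkey` pointing at its direct parent, so nothing depends on a CA registered in the OpenSSL configuration file. The file names, subject names, extension section names, 30-day validity and 2048-bit key size are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build Root > A > B > C with plain openssl and verify it.
set -eu
WORK=$(mktemp -d)   # scratch directory (assumption); holds every key and cert

# Root, A and B sign other certificates, so they need basicConstraints CA:TRUE.
# Without it, verifying anything they issued fails. C is an end-entity cert.
cat > "$WORK/ext.cnf" <<'EOF'
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
EOF

# issue NAME SECTION [ISSUER]
# New key and CSR for NAME, signed by ISSUER's key and certificate.
# With no ISSUER the certificate is self-signed (used for the root only).
issue() {
    name=$1; section=$2; issuer=${3:-}
    openssl genrsa -out "$WORK/$name.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/$name.key" -subj "/CN=Test $name" \
        -out "$WORK/$name.csr"
    if [ -z "$issuer" ]; then
        openssl x509 -req -in "$WORK/$name.csr" -signkey "$WORK/$name.key" \
            -days 30 -extfile "$WORK/ext.cnf" -extensions "$section" \
            -out "$WORK/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$WORK/$name.csr" \
            -CA "$WORK/$issuer.pem" -CAkey "$WORK/$issuer.key" -CAcreateserial \
            -days 30 -extfile "$WORK/ext.cnf" -extensions "$section" \
            -out "$WORK/$name.pem" 2>/dev/null
    fi
}

# The root is the only trust anchor; A and B are passed as untrusted
# intermediates; C is the certificate being checked.
verify_chain() {
    cat "$WORK/A.pem" "$WORK/B.pem" > "$WORK/intermediates.pem"
    openssl verify -CAfile "$WORK/Root.pem" \
        -untrusted "$WORK/intermediates.pem" "$WORK/C.pem"
}

issue Root ca_ext
issue A ca_ext Root
issue B ca_ext A      # B depends only on A's key and certificate
issue C leaf_ext B
verify_chain
```

For an OCSP test setup, whichever certificate in the chain signs responses for a given issuer must be issued by, or be, that issuer; the chain above only covers issuance and path validation.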