Client SSL certificate request
The SSL client authentication certificate request (the CSR and key files) can be created by developers with the following openssl command:
openssl req -config openssl-client.cnf -newkey rsa -sha256 -nodes -outform PEM -out clientcert.csr
where
- openssl-client.cnf is the configuration file created in the prerequisites section
- -newkey rsa -outform PEM means that the RSA key and CSR files will be created and saved in PEM format
- clientcert.csr is the certificate signing request to be created
This command creates the clientkey.pem key file and the clientcert.csr signing request. The key file is sensitive material and is needed on the IDE side only. The signing request file with the .csr extension should be passed to the CA for signing, according to the section below. After the certificate is created, the .csr file can be deleted.
Sign client SSL certificate
To create the client SSL certificate, the CA signs the CSR file with the command below:
openssl ca -verbose -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out clientcert.pem -infiles clientcert.csr
where
- openssl-ca.cnf is the configuration file created in the prerequisites section
- clientcert.csr is the signing request created in the certificate request section
- clientcert.pem is the client authentication certificate to be created
This command creates the clientcert.pem client authentication certificate and updates serial.txt and index.txt with information about the created certificate.
The client certificate is needed on the IDE side only and is referred to in the debugger settings, according to the instructions in the configuration section.
A client certificate created with the configuration in this example is valid for 1 year. At the end of that time a new client certificate can be created.
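A post-signing check, added here as an example and not part of the original instructions: it confirms that clientkey.pem is readable only by its owner, that clientcert.pem carries the matching public key, and that the certificate is not close to the end of its validity. The function names, the 30-day renewal window and the optional CA certificate argument are assumptions, and the pair produced by make_sample_pair is a constructed, self-signed stand-in.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. File names follow the page; the
# function names, 30-day window and optional CA argument are assumptions.

# SHA-256 of the public key held in a private key ("key") or certificate ("cert").
pubkey_digest() {
  local pub=""
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pub" ] || return 1   # unreadable input must never compare as equal
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 only if every check passes; prints one line per failed check.
check_client_cert() {  # usage: check_client_cert KEY CERT [DAYS] [CA_CERT]
  local key="$1" cert="$2" days="${3:-30}" ca="${4:-}" rc=0 kd="" cdig=""
  # The private key is sensitive: no permission bits for group or others.
  case "$(ls -ld "$key" | cut -c5-10)" in
    ------) ;;
    *) echo "FAIL: $key is accessible to group/others"; rc=1 ;;
  esac
  # The certificate must carry the public key that belongs to this private key.
  kd=$(pubkey_digest key "$key") && cdig=$(pubkey_digest cert "$cert") \
    && [ "$kd" = "$cdig" ] || { echo "FAIL: key and certificate do not match"; rc=1; }
  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1 \
    || { echo "FAIL: $cert expires within $days days"; rc=1; }
  # Optional: confirm the certificate chains to the signing CA certificate.
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
      || { echo "FAIL: $cert does not verify against $ca"; rc=1; }
  fi
  return $rc
}

# Constructed sample: throwaway self-signed pair, only to exercise the checks.
make_sample_pair() {  # usage: make_sample_pair DIR DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -subj "/CN=sample-client" \
    -days "$2" -keyout "$1/clientkey.pem" -out "$1/clientcert.pem" 2>/dev/null
}

# When run as a script: check_client_cert clientkey.pem clientcert.pem 30
if [ "$#" -ge 2 ]; then check_client_cert "$@"; fi
```

Running the check periodically on the IDE side gives advance notice before the 1-year certificate lapses.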