The process to create a client certificate includes the following steps:
- Generating a certificate request
- Signing the certificate request
- Installing the signed certificate
Generating a certificate request
To create a certificate request, we execute the following command in a “root” shell.
During the creation of the certificate request, we are prompted for the following information:
- PEM pass phrase;
- Organizational Name;
- Organizational Unit Name;
- Common Name; and
- Email Address.
For the Common Name, we will supply the host name or the domain name that the certificate will certify. The above command will generate the following files:
- newkey.pem, which is the private key; and
- newreq.pem, which is the request for signing.
Signing a certificate request
To sign a certificate request, we execute the following command in a “root” shell.
During the signing of the certificate request, we are prompted for the following information:
- PEM pass phrase for the Certificate Authority key
- Sign the certificate
- Commit the certificate
The above command will generate a signed certificate in the
Removing the password on the private key
When using the client certificate, we will be prompted to supply the password on the private key. In an automated environment, this will cause applications to fail during start-up and be unavailable for use. We can, however, remove the password on the private key.
To remove the password on the private key, we execute the following command in a “root” shell.
openssl rsa -in newkey.pem -out newkey.pem.nopass
The above command will generate a separate private key file that has no password on it.
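Once the pass phrase is gone, file permissions are the only protection left on newkey.pem.nopass. The script below is an added example, not part of the original page: it performs the same conversion with an owner-only file mode and confirms that the copy holds the same key. The function names, the pass-phrase file and the throwaway test key are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). File names follow the page;
# the pass-phrase file and the throwaway key in demo() are constructed here.

# True if the PEM private key is pass-phrase protected (either PEM style).
is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Print the public half of a key. $2 = pass-phrase file; omit it for a bare key
# (an empty pass phrase is supplied so openssl never stops to prompt).
pubkey() {
    openssl rsa -in "$1" -passin "${2:+file:}${2:-pass:}" -pubout 2>/dev/null
}

# strip_passphrase SRC DST PASSFILE
# Write an unencrypted copy of SRC to DST, readable by the owner only, and
# keep it only if it is really unencrypted and holds the same key as SRC.
strip_passphrase() {
    src=$1 dst=$2 passfile=$3
    ( umask 077
      openssl rsa -in "$src" -passin "file:$passfile" -out "$dst" 2>/dev/null
    ) || { rm -f "$dst"; return 1; }
    chmod 600 "$dst"    # also covers a DST that already existed with loose modes
    new=$(pubkey "$dst") || { rm -f "$dst"; return 1; }
    [ "$new" = "$(pubkey "$src" "$passfile")" ] && ! is_encrypted "$dst" ||
        { rm -f "$dst"; return 1; }
}

# Demonstration on a throwaway key generated in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed-pass-phrase\n' > "$dir/pass"
    openssl genrsa -aes256 -passout "file:$dir/pass" \
            -out "$dir/newkey.pem" 2048 2>/dev/null &&
        strip_passphrase "$dir/newkey.pem" "$dir/newkey.pem.nopass" "$dir/pass" &&
        ls -l "$dir/newkey.pem.nopass"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```

Reading the pass phrase from a file keeps it out of the process list and shell history; that file needs the same owner-only permissions as the key.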
Once we’ve created the certificate, we perform the following operations on the files