Generating a client ca – HP Traffic Director sa7220 User Manual

A P P E N D I X B

Generating a Client CA

263

Generating a Client CA

NOTE: To acquire a
copy of OpenSSL* for
your environment, access
the OpenSSL website at
http://www.openssl.org.

This procedure shows how to generate a client CA using OpenSSL:

1. Create a working directory where all the keys and certificates

will be stored.

2. Copy the file

openssl.cnf

from the openSSL source directory.

3. Create a private key by typing this command:

openssl genrsa -out key.pem 1024

4. Create another private key by typing this command:

openssl genrsa -out ca_key.pem 1024

NOTE: The DN
information typed in step
5 must differ from the DN
information typed in step
6.

5. Now generate the client CA by typing this command:

openssl req -new -x509 -config openssl.cnf -key

ca_key.pem -out ca_cert.pem

6. Generate the client certificate signing request by typing this

command:

openssl req -new -config openssl.cnf -key

key.pem -out csr.pem

7. Sign the client certificate request by typing this command:

openssl x509 -req -CAcreateserial -CAkey

ca_key.pem -CA ca_cert.pem -in csr.pem -out

cert.pem

8. Combine the

key.pem

and

cert.pem

keys into one file by

typing this command:

cat key.pem cert.pem > all.pem

9. Convert to p12 format by typing this command:

openssl pkcs12 -export -in all.pem -out

.p12 -name “MY NAME”

The output file

.p12

will be imported into the browser

as a personal certificate.