Creating a certificate with OpenSSL

  1. If necessary, download and install OpenSSL. Make sure that the openssl.cnf file is located in the BIN folder for OpenSSL.
  2. Using a command prompt (CMD), navigate to the BIN folder.

    In this example, the command is:

    cd c:\OpenSSL\bin

  3. Generate an RSA key with the following command:

    openssl genrsa -aes256 -out fgcaprivkey.pem 2048

    This generates a 2048-bit RSA private key and encrypts the key file with AES-256.

  4. When prompted, enter a passphrase for encrypting the private key.

    Then use the following command to create a new certificate request and self-sign it with the private key:

    openssl req -new -x509 -days 3650 -extensions v3_ca -key fgcaprivkey.pem -out fgcacert.pem -config openssl.cnf

    The result is a standard X.509 certificate in PEM format that's valid for 3650 days (approximately 10 years).

  5. When prompted, re-enter the private key passphrase, then enter the details required for the certificate request, such as location and organization name.

    Two new files are created: a public certificate (fgcacert.pem) and a private key (fgcaprivkey.pem).
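
To confirm that the two files belong together and that the certificate can act as a CA, the following batch script can be run from the same folder. It is an added example, not part of the original cookbook; it assumes the v3_ca section of openssl.cnf sets basicConstraints to CA:TRUE (as the stock file does), and the scratch file names cert.mod and key.mod are chosen for this example.

```bat
@echo off
setlocal
rem Added example: sanity-check the CA files created by the steps above.
rem Run from the folder that contains them (c:\OpenSSL\bin in this example).
set CERT=fgcacert.pem
set KEY=fgcaprivkey.pem

rem 1. Subject, issuer and validity. For a self-signed CA, subject equals issuer.
openssl x509 -in %CERT% -noout -subject -issuer -dates || exit /b 1

rem 2. The certificate must carry basicConstraints CA:TRUE to be usable as a CA.
openssl x509 -in %CERT% -noout -text | findstr /C:"CA:TRUE" >nul
if errorlevel 1 (
    echo FAIL: %CERT% is not marked as a CA certificate
    exit /b 1
)

rem 3. The certificate and the private key must share the same RSA modulus.
rem    The second command prompts for the private key passphrase.
rem    cert.mod and key.mod are scratch files (names chosen for this example).
openssl x509 -in %CERT% -noout -modulus > cert.mod || exit /b 1
openssl rsa -in %KEY% -noout -modulus > key.mod || exit /b 1
fc cert.mod key.mod >nul
set RESULT=%errorlevel%
del cert.mod key.mod

if not "%RESULT%"=="0" (
    echo FAIL: %KEY% does not match %CERT%
    exit /b 1
)
echo OK: %CERT% is a CA certificate and matches %KEY%
```

Only fgcacert.pem is meant to be distributed; fgcaprivkey.pem and its passphrase stay with the CA operator.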
