2 rm -f ca.key ca.pem ca.srl server.csr server.key server.pem server.chain server.ocsp
7 openssl req
-new
-x509
-days
1 -extensions v3_ca
-keyout ca.key
-out ca.pem
-nodes
-config configCA.conf
8 # Generate a new server certificate request
9 openssl req
-new
-newkey rsa
:2048 -nodes
-keyout server.key
-out server.csr
-config configServer.conf
10 # Sign the server cert
11 openssl x509
-req
-days
1 -CA ca.pem
-CAkey ca.key
-CAcreateserial
-in server.csr
-out server.pem
-extfile configServer.conf
-extensions v3_req
13 cat server.pem ca.pem
> server.chain
14 # Generate a password-protected PKCS12 file
15 openssl pkcs12
-export -passout pass
:passw0rd
-clcerts
-in server.pem
-CAfile ca.pem
-inkey server.key
-out server.p12