Create a Client Certificate

1. Generate a client key file

openssl genrsa -out server/private/client.key 2048

2. Generate a client Certificate Signing Request (CSR)

openssl req -config mid-ca/mid-ca.conf -key server/private/client.key -new -sha256 -out server/csr/client.csr

e.g., CN=GCS-Client-Certificate-v0x

3. Sign the client CSR using the client_cert extension

openssl ca -config mid-ca/mid-ca.conf -extensions client_cert -days 3650 -notext -in server/csr/client.csr -out server/client-certs/client.crt

4. Generate client PFX (if needed)

openssl pkcs12 -inkey server/private/client.key -in server/client-certs/client.crt -export -out server/client-certs/client.pfx -passout pass:

See also:

Download from CloudShell

OpenSSL - Initial Setup

OpenSSL (1) - Root CA

OpenSSL (2) - Intermediate CA

OpenSSL (3) - Server Certificate

OpenSSL (4) - Client Certificate

OpenSSL - Verify Certificate

OpenSSL - Revoke Certificate