Create a Server Certificate

1. Generate a key file (It can be one-off operation)

openssl genrsa -out server/private/server.key 2048

2. Generate a Certificate Signing Request (CSR)

openssl req -config mid-ca/mid-ca.conf -key server/private/server.key -new -sha256 -out server/csr/server.csr

e.g., CN=GCS-Server-Certificate-v0x

3. Sign the request (CSR) by Sub-CA

openssl ca -config mid-ca/mid-ca.conf -extensions server_cert -days 3650 -notext -in server/csr/server.csr -out server/certs/server.crt

4. Generate PFX with NO password

openssl pkcs12 -inkey server/private/server.key -in server/certs/server.crt -export -out server/certs/server.pfx -passout pass:

5. Result

See also:

Download from CloudShell

OpenSSL - Initial Setup

OpenSSL (1) - Root CA

OpenSSL (2) - Intermediate CA

OpenSSL (3) - Server Certificate

OpenSSL (4) - Client Certificate

OpenSSL - Verify Certificate

OpenSSL - Revoke Certificate