2020-1-14

Generate CA key

openssl req -new -x509 -nodes -days 7300 -extensions v3_ca -keyout ca.key -out ca.crt -subj /CN=example.com

Generate intermediate CA

Generate key

openssl genrsa -out intermediate.key 4096

Generate a certificate signing request

openssl req -out intermediate.csr -key intermediate.key -new -subj /CN=example.com

Sign

openssl x509 -req -in intermediate.csr -CA ca-single.crt -CAkey ca.key -CAcreateserial -out intermediate.crt -days 3650

Generates the certificate chain

cat intermediate.crt ca.crt > intermediate-chain.crt

Generate a certificate

Key

openssl genrsa -out server.key 2048

Certificate signing request

openssl req -out server.csr -key server.key -new

Sign the certificate

openssl x509 -req  -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

View

openssl x509 -noout -text -in file.pem

Verify

openssl verify -CAfile intermediate.pem server.crt

Android

openssl pkcs12 -inkey example.com.key -in example.com.crt -export -out example.com.pfx