1

I'm trying to create a basic SSL socket using self signed certificates. I'm following Ubuntu's guide at OpenSSL. I have a working server_crt.pem and server_key.pem. When I place the server_crt.pem in my client (as well as having it in my server) the SSL socket works.

However I know that clients should have their own certificates and not have duplicates of the server. I've looked for duplicates and haven't found any straight answers to this...

How do I create a client certificate that's linked to my self signed CA file?

jww
  • 97,681
  • 90
  • 411
  • 885
Babra Cunningham
  • 2,949
  • 1
  • 23
  • 50
  • 1
    I don't know how hard you've looked but using a search engine and search for [create client certificate](https://www.google.com/search?q=create+client+certificate) results in lots of useful hits which answer your question. – Steffen Ullrich Sep 07 '16 at 18:26
  • @ronaldmurphy - The cited duplicate should well on your path since it gives you both the `s_client` commands and the API calls. Come back if you have specific questions. Also see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) – jww Sep 07 '16 at 19:15
  • @jww how is this in anyway a duplicate? The question you've linked relates to testing using s_server and s_client.. not about creating the certificate? Please explain – Babra Cunningham Sep 08 '16 at 08:35
  • @ronaldmurphy - Creating certificates is off-topic for Stack Overflow. There is information on Stack Overflow with respect to creating them, but they came from a time when the site's rules were different. A couple of them have been cited for you. The cited duplicate provides you with the information you need to use them in your program, and test them using openssl commands. I can remove the duplucate close and move to an off-topic close if you'd like. I find the duplicate close more helpful to the person asking the question. – jww Sep 08 '16 at 10:19

0 Answers0