cfssl Usage Demo

Workflows

CA: generate own cert

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

server: generate own CSR

cfssl genkey server.json | cfssljson -bare server

CA: sign server's CSR

cfssl sign -config=ca-config.json -profile=server -csr=server.csr -ca=ca.pem -ca-key=ca-key.pem | cfssljson -bare server

client+CA: generate client's CSR & sign client's CSR

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client

Viewing

PEM key

openssl rsa -in ca-key.pem -text

PEM cert

openssl x509 -in ca.pem -text

Conversions

PEM cert to DER

openssl x509 -in ca.pem -inform PEM -out ca.crt -outform DER

PEM key+cert to PKCS12

openssl pkcs12 -export -out client-key.pfx -inkey client-key.pem -in client.pem

Notes

Do not issue certificates for 'localhost'.
Do not issue certificates for '127.0.0.1'.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

cfssl Usage Demo

Workflows

CA: generate own cert

server: generate own CSR

CA: sign server's CSR

client+CA: generate client's CSR & sign client's CSR

Viewing

PEM key

PEM cert

Conversions

PEM cert to DER

PEM key+cert to PKCS12

Notes

Files

README.md

Latest commit

History

README.md

File metadata and controls

cfssl Usage Demo

Workflows

CA: generate own cert

server: generate own CSR

CA: sign server's CSR

client+CA: generate client's CSR & sign client's CSR

Viewing

PEM key

PEM cert

Conversions

PEM cert to DER

PEM key+cert to PKCS12

Notes