If you are interested in software developing about openssl, the best way to master it is coding. First of all is getting a ca (Certificate Authority) certificate. Following me step by step, you’ll create a ca certificate, the client and the site certificates.

 

1.       create a pair of the keys (the public key and the private key) with the following command

openssl genrsa –out testca.key –des3 –passout pass:123456 1024

2.       construct the request of the certificate with the command

openssl req -key testca.key -passin pass:123456 -new -out testca.req

3.       create the ca certificate signed by itself

openssl x509 -req -in testca.req -signkey testca.key -out testca.pem -passin pass:123456

 

In this way, you can create the ca certificate and it’s signed by itself. Yes, it become a fake root ca certificate. However, you can use it to sign other certificates to do the experiments about the openssl. You should create the server certificate and the client certificate after the creation of the root ca certificate. Follow the step 1 and step 2 to create the key pairs and the requests of the certificate and create the certificates with the following command.

openssl x509 -req -in mysite.req -CA testca.pem -CAkey testca.key -out mysite.pem -passin pass:123456  -CAcreateserial