Client Cert

How to create client certificates with CFSSL.

Client Certificates

Create a Key

    cd /root/ca
    openssl genrsa -out intermediate/private/ 2048
    chmod 400 intermediate/private/

Create a Certificate

    openssl req -config intermediate/openssl.cnf \
        -key intermediate/private/ \
        -new -sha256 -out intermediate/csr/

    openssl ca -config intermediate/openssl.cnf \
          -extensions server_cert -days 375 -notext -md sha256 \
          -in intermediate/csr/ \
          -out intermediate/certs/

    chmod 444 intermediate/certs/

Certificate including CA chain

Certificates should be combined in this order:

  1. Primary certificate
  2. Intermediate certificate
  3. Root certificate