1. Create PEM key susie114:~> time openssl genrsa 1024 > source/PEM/keys/1024b-rsa-example-keypair.pem Generating RSA private key, 1024 bit long modulus ....................................++++++ ..++++++ e is 65537 (0x10001) real 0m0.068s user 0m0.064s sys 0m0.002s 2. Convert PEM to DER key susie114:~> openssl rsa -inform PEM -in source/PEM/keys/1024b-rsa-example-keypair.pem -outform DER -out source/DER/keys/1024b-rsa-example-keypair.der 3. Create PEM request susie114:~> openssl req -new -key source/PEM/keys/1024b-rsa-example-keypair.pem -out source/PEM/requests/1024b-rsa-example-request.pem You are about to be asked to enter information that will be incorporated into your certificate request. susie114:/srv/www/std-root/frank4dd.com/howto/openssl # openssl req -new -key source/PEM/keys/1024b-rsa-example-keypair.pem -out 1024b-rsa-example-request.pem You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:JP State or Province Name (full name) [Some-State]:Tokyo Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]:Frank4DD Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:www.example.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: 4. Convert PEM to DER request susie114:~> openssl req -inform PEM -in source/PEM/requests/1024b-rsa-example-request.pem -outform DER -out source/DER/requests/1024b-rsa-example-request.der 5. Create PEM certificate susie114:~> openssl x509 -req -in source/PEM/requests/1024b-rsa-example-request.pem -days 1825 -CA source/PEM/certs/frank4dd-cacert.pem -CAkey /srv/app/webCA/private/cakey.pem -set_serial 0x0dfe > 1024b-rsa-example-cert.pem Signature ok subject=/C=JP/ST=Tokyo/O=Frank4DD/CN=www.example.com Getting CA Private Key Enter pass phrase for /srv/app/webCA/private/cakey.pem: 6. Convert PEM to DER certificate susie114:~> openssl x509 -inform PEM -in source/PEM/certs/1024b-rsa-example-cert.pem -outform DER -out source/DER/certs/1024b-rsa-example-cert.der 7. Create PKCS12 certificate filebundle (Password: test) root@susie114:~> openssl pkcs12 -in source/PEM/certs/2048b-rsa-example-cert.pem -inkey source/PEM/keys/2048b-rsa-example-keypair.pem -export -out source/P12/2048b-rsa-example.p12