11.3.3 Creating Certificates

Run the following commands to generate RSA certificates in PEM format for the local and peer nodes:


1. openssl genrsa -out my-root-ca-key.pem 2048
2. openssl req -x509 -new -nodes -key my-root-ca-key.pem -days 1024 -out my-root-ca-cert.pem -outform PEM
3. openssl genrsa -out my-server-key.pem 2048
4. openssl req -new -key my-server-key.pem -out my-server.csr
5. openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365

Run the following commands to generate ECDSA certificates in PEM format for the local and peer nodes:


1. openssl ecparam -name prime256v1 -genkey -noout -out my-root-ca-key.pem
2. openssl req -x509 -new -nodes -key my-root-ca-key.pem -days 1024 -out my-root-ca-cert.pem -outform PEM
3. openssl ecparam -name prime256v1 -genkey -noout -out my-server-key.pem
4. openssl req -new -key my-server-key.pem -out my-server.csr
5. openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365

Run the following commands to generate DSA certificates in PEM format for the local and peer nodes:


1. openssl dsaparam -out dsa-params.pem 2048
2. openssl gendsa -out my-root-ca-key.pem dsa-params.pem
3. openssl req -x509 -new -nodes -key my-root-ca-key.pem -sha256 -days 3650 -out my-root-ca-cert.pem
4. openssl dsaparam -out server-dsa-params.pem 2048
5. openssl gendsa -out my-server-key.pem server-dsa-params.pem
6. openssl req -new -key my-server-key.pem -out my-server.csr
7. openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365
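
The script below is an added example, not part of the original documentation. It runs the RSA and ECDSA procedures above without prompts, then checks that the server certificate chains to the root CA and that it matches the server private key. The `-subj` values and the function names `make_chain` and `check_chain` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original documentation).
# Assumption: the -subj values are constructed so the commands run without prompts.

# make_chain ALG DIR: run the RSA or ECDSA procedure from this section inside DIR.
make_chain() {
    alg=$1; dir=$2
    (
        umask 077                      # key files readable by the owner only
        cd "$dir" || exit 1
        case $alg in
            rsa)   openssl genrsa -out my-root-ca-key.pem 2048 &&
                   openssl genrsa -out my-server-key.pem 2048 ;;
            ecdsa) openssl ecparam -name prime256v1 -genkey -noout -out my-root-ca-key.pem &&
                   openssl ecparam -name prime256v1 -genkey -noout -out my-server-key.pem ;;
            *)     exit 2 ;;           # unsupported algorithm name
        esac || exit 1
        openssl req -x509 -new -nodes -key my-root-ca-key.pem -days 1024 \
            -out my-root-ca-cert.pem -outform PEM -subj "/CN=Example Root CA" &&
        openssl req -new -key my-server-key.pem -out my-server.csr \
            -subj "/CN=node.example.test" &&
        openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem \
            -CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem -days 365
    ) >/dev/null 2>&1
}

# check_chain DIR [CAFILE]: succeed only if the server certificate in DIR is signed
# by the CA and carries the public key of my-server-key.pem.
check_chain() {
    dir=$1; ca=${2:-$1/my-root-ca-cert.pem}
    openssl verify -CAfile "$ca" "$dir/my-server-cert.pem" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/my-server-cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/my-server-key.pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Demonstration in a throwaway directory.
work=$(mktemp -d) || exit 1
for alg in rsa ecdsa; do
    mkdir "$work/$alg"
    if make_chain "$alg" "$work/$alg" && check_chain "$work/$alg"; then
        echo "$alg: chain verifies, key matches certificate"
    else
        echo "$alg: FAILED"
    fi
done
rm -rf "$work"
```

`check_chain` can also be pointed at a directory holding the files produced by the DSA procedure, since it only reads the three file names used throughout this section.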