1. Enter the openssl command and enter the openssl (iBMC) |
![]() |
2. Generate a CA сertificate Create a private key: genrsa -out ca-key.pem 1024 Create a Certificate Request: req -new -out ca-req.csr -key ca-key.pem -config openssl.cnf After execution, the ca-key.pem and ca-req.csr files are generated under the directory |
![]() |
3. Self-signed сertificate: x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 365 The ca-cert.pem file is generated after the execution completes |
![]() |
4. Generate a server certificate Create a private key: genrsa -out server-key.pem 1024 Create a certificate request: req -new -out server-req.csr -key server-key.pem -config openssl.cnf Execution Complete Build server-key.pem and server-req.csr files |
![]() |
5. Self-signed сertificate: x509 -req -in server-req.csr -out server-cert.pem -signkey server-key.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365 Execution сomplete build a server-cert.pem file |
![]() |
6. Generate the client certificate, similar to the server generated certificate Create a private key: genrsa -out client-key.pem 1024 Create a certificate request: req -new -out client-req.csr -key client-key.pem -config openssl.cnf Self-signed Certificate: x509 -req -in client-req.csr -out client-cert.pem -signkey client-key.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365 |
![]() |
To this CA certificate, server certificate, client certificate all generated, import the corresponding server or client can use normally
7. Convert the pem certificate type to a P12
pkcs12 -export -in server-cert.pem -inkey server_key.pem -out server_cert.p12
pkcs12 -export -in client-cert.pem -inkey client_key.pem -out client_cert.p12
Execution Complete Build server-cert.p12 and client_cert.p12 file.