Create self-signed TLS certificates – PKCS8 key and x509 cert (works for Graylog 2 Gelf)

  • Okzz
  • Sunday, Sep 10, 2017
blog-image

This is an overview of a simple way to create a self signed TLS key pair. Particularly how to create the TLS files and convert the key file to the PKCS8 format.

Here it is:

Generate new key and create a self signed certificate:

Pem Key format

openssl req \
-x509 \
-nodes \
-days 365 \
-newkey rsa:4096 \
-keyout selfsigned.key.pem \
-out selfsigned-x509.crt \
-subj "/C=US/ST=WA/L=Seattle/CN=example.com/[email protected]"

Output:

  • selfsigned.key.pem - PEM Key
  • selfsigned-x509.crt - x509 Certificate

Convert PEM key to PKCS8 format

openssl pkcs8 \
-topk8 \
-inform PEM \
-outform PEM \
-in selfsigned.key.pem \
-out selfsigned-pkcs8.pem

Ouptut:

  • selfsigned-pkcs8.pem - PKCS formatted key

Thats it. Just change the parameters in the subject. both of these commands can be chained into a one liner, but it’s easy enough to just run them separately.

Done.

comments powered by Disqus

Latest Posts

View All Posts