1

To test some stuff I need to create a bunch of untrusted p12 certificates to be used by an untrusted web server. I read the OpenSSL documentation and tried to follow the instructions, but the process is very complicated, aggravating and error-prone. Is there an easy way (GUI, web application) to get a server certificate with an arbitrary subject signed by an untrusted, fake CA?

The naked OpenSSL command-line tool is not an option because the process is complicated and error-prone. If there is a script that simplifies it, I would like to hear about it.

Muxecoid
  • 203

1 Answer

3

If a script that simplifies it is enough, then:

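#!/bin/sh

subject="/O=Honest Achmed/OU=Fake Certs/CN=google.com"
file="google"
# Basename of the CA certificate and key used by the CA-signed step below
# (assumed name; create them with the self-signed command and file="fakeca")
cafile="fakeca"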

Issue a self-signed certificate (with CA bit enabled):

openssl req -new -newkey rsa:2048 -days 365 -subj "$subject" \
    -x509 -out "$file.pem" -keyout "$file.key" -nodes

Issue a CA-signed certificate:

openssl req -new -newkey rsa:2048 -subj "$subject" \
    -out "$file.csr" -keyout "$file.key" -nodes

# -days belongs on the signing step; -CAcreateserial creates serial.txt on first use
openssl x509 -req -in "$file.csr" -out "$file.pem" -days 365 \
    -CA "$cafile.pem" -CAkey "$cafile.key" \
    -CAserial "serial.txt" -CAcreateserial

Export to PKCS#12:

openssl pkcs12 -export -in "$file.pem" -inkey "$file.key" -out "$file.p12"

Alternative tools are certtool from GnuTLS and hx509 from Heimdal.

u1686_grawity
  • 452,512
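The steps from the answer above combined into two reusable functions, as an added example that is not part of the original answer. It goes beyond the answer by writing a subjectAltName into the server certificate (current TLS clients match the hostname against it rather than the CN) and by verifying the chain before the PKCS#12 export. The function names, file names, the `www.example.test` hostname and the password in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: throwaway test CA, server certificate and PKCS#12 bundle.
# make_test_ca / issue_test_cert and all file names are hypothetical.
set -e

# make_test_ca <basename>: self-signed CA, created once and then reused.
make_test_ca() {
    if [ -f "$1.pem" ]; then return 0; fi
    openssl req -new -newkey rsa:2048 -nodes -x509 -days 365 \
        -subj "/O=Test Lab/CN=Untrusted Test CA" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_test_cert <ca-basename> <hostname> <p12-password>
issue_test_cert() {
    ca=$1; host=$2; pass=$3
    ext=$(mktemp)
    # Leaf extensions: not a CA, hostname in subjectAltName, server use only.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$ext"
    printf 'extendedKeyUsage=serverAuth\n' >> "$ext"

    # Key and CSR for the server.
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Test Lab/CN=$host" \
        -keyout "$host.key" -out "$host.csr" 2>/dev/null

    # Sign with the test CA; validity and extensions are set at this step.
    openssl x509 -req -in "$host.csr" -days 365 -sha256 -extfile "$ext" \
        -CA "$ca.pem" -CAkey "$ca.key" -CAserial "$ca.srl" -CAcreateserial \
        -out "$host.pem" 2>/dev/null
    rm -f "$ext"

    # Stop here if the leaf does not chain to the test CA.
    openssl verify -CAfile "$ca.pem" "$host.pem" >/dev/null

    # Bundle key, leaf and CA certificate into one password-protected file.
    openssl pkcs12 -export -in "$host.pem" -inkey "$host.key" \
        -certfile "$ca.pem" -name "$host" \
        -passout "pass:$pass" -out "$host.p12"
}

# Usage (run in an empty scratch directory):
#   make_test_ca test-ca
#   issue_test_cert test-ca www.example.test changeit
```

The CA key is written unencrypted (`-nodes`), so keep the scratch directory out of any trust store and delete it when testing is done.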