concosminx · June 6, 2022 14:49 · Jul 21, 2021 · Jul 21, 2021
diff --git a/create_x509_certs.md b/create_x509_certs.md
@@ -1,5 +1,7 @@
 # Create X.509 certificates
 
+(Steps taken from: https://www.baeldung.com/x-509-authentication-in-spring-security)
+
 All passwords: _changeit_
 
 ## RootCA

diff --git a/create_x509_certs.md b/create_x509_certs.md
@@ -0,0 +1,29 @@
+# Create X.509 certificates
+
+All passwords: _changeit_
+
+## RootCA
+
+    openssl req -x509 -sha256 -days 3650 -newkey rsa:4096 -keyout rootCA.key -out rootCA.crt
+
+## Host certificate
+
+    openssl req -new -newkey rsa:4096 -keyout localhost.key -out localhost.csr -nodes
+
+Sign host csr with rootCA (see below for file `localhost.ext`):
+
+    openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in localhost.csr -out localhost.crt -days 365 -CAcreateserial -extfile localhost.ext
+
+---
+
+## Client (user) certificate
+
+    openssl req -new -newkey rsa:4096 -nodes -keyout fredFlintstone.key -out fredFlintstone.csr
+
+Sign client csr with rootCA:
+
+    openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in fredFlintstone.csr -out fredFlintstone.crt -days 365 -CAcreateserial
+
+Import client key and crt in keystore to create the "certificate" to be used in the browser:
+
+    openssl pkcs12 -export -out fredFlintstone.p12 -name "fredFlintstone" -inkey fredFlintstone.key -in fredFlintstone.crt
diff --git a/localhost.ext b/localhost.ext
@@ -0,0 +1,5 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
No results found