To create client certificates:
If you must independently create a private key for the client and CSR, you can use the OpenSSL tool. To do so, enter the following commands:
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
For the created certificate, in the settings of the OpenSSL tool specify the certificate validity period in days (the days
setting) and the serial number of the certificate (the set_serial
setting). Example command for creating a certificate:
openssl x509 -req -days 365 -in client.csr \
-CA product_facade_grpc_ca.crt \
-CAkey product_facade_grpc_ca.key \
-set_serial 01 -out client.crt
If you are using intermediate certificates, they must also be included in the chain. To create a certificate chain, enter the following command:
cat product_facade_grpc_ca.crt >> client.crt
This file needs to be sent only when the private key of the client has been created by the administrator.
This file includes the certificate chain, beginning with the signed client certificate and ending with the root certificate of the gRPC server.