I had to create a self-signed certificate for a client-server application, but I do not understand what each file and command means, or how the client and server work together to perform the mutual SSL handshake.
I followed these commands:
Creating csr.conf:

    [req]
    default_bits = 4096
    prompt = no
    encrypt_key = yes
    default_md = sha256
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    [req_distinguished_name]
    emailAddress = admin@admin.dev
    CN = ${SERVICE}.${NAMESPACE}.svc
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = ${SERVICE}
    DNS.2 = ${SERVICE}.${NAMESPACE}
    IP.1 = 127.0.0.1
Private key based on our CSR:

    openssl genrsa -out ${TMPDIR}/vault.key 4096

Create server.csr with our csr.conf and private key:

    openssl req -config ${TMPDIR}/csr.conf -new -key ${TMPDIR}/vault.key -subj "//CN=${SERVICE}.${NAMESPACE}.svc" -out ${TMPDIR}/server.csr
Also, what is the PEM file that I sometimes see being created? What is the difference between PEM and CA files?
Can you explain in simple words what each part does and how the client and server do the mutual SSL handshake?
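The full set of files the question is asking about, built end to end with openssl as an added example (not part of the original post): a private CA, a server key/CSR/cert in the style of the csr.conf above, a client cert for the mutual side, and the PEM bundle, followed by the checks each peer performs during the handshake. The names (vault.default.svc, demo-ca, demo-client) are constructed for the demo.

```shell
# Added example, not from the post. File roles in a mutual-TLS setup:
# ca.key/ca.crt: the CA both peers trust. server.key: server private key.
# server.csr: public key + names, signed with server.key. server.crt: the
# CA-signed cert. client.key/client.crt: same for the client (mutual TLS).
# server.pem: "PEM bundle", server.crt followed by ca.crt in one text file.
set -eu
build_mtls_pki() {
  dir=$1
  cat > "$dir/pki.conf" <<'EOF'
[req]
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
CN = vault.default.svc
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:vault, DNS:vault.default, DNS:vault.default.svc, IP:127.0.0.1
[v3_client]
extendedKeyUsage = clientAuth
EOF
  # 1. CA: a self-signed root both peers trust; ca.key is the crown jewel.
  openssl req -x509 -config "$dir/pki.conf" -extensions v3_ca -subj "/CN=demo-ca" \
    -newkey rsa:2048 -nodes -days 1 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server: private key, CSR carrying the SANs, then the CA signs it. The
  #    -extfile/-extensions copy v3_req into the cert; otherwise the SANs are lost.
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  openssl req -new -config "$dir/pki.conf" -reqexts v3_req -key "$dir/server.key" -out "$dir/server.csr"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 1 -extfile "$dir/pki.conf" -extensions v3_req -out "$dir/server.crt" 2>/dev/null
  # 3. Client: same steps, but its cert is only valid for clientAuth.
  openssl req -new -config "$dir/pki.conf" -subj "/CN=demo-client" -newkey rsa:2048 -nodes \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 1 -extfile "$dir/pki.conf" -extensions v3_client -out "$dir/client.crt" 2>/dev/null
  # 4. PEM bundle: what the server presents, its own cert and then the CA cert.
  cat "$dir/server.crt" "$dir/ca.crt" > "$dir/server.pem"
}
# The checks each peer makes in the handshake, replayed offline: the client
# verifies server.crt chains to ca.crt and is a server cert; the server does the
# same for client.crt as a client cert; a client cert must NOT pass as a server.
verify_roles() {
  dir=$1
  openssl verify -CAfile "$dir/ca.crt" -purpose sslserver "$dir/server.crt" >/dev/null &&
  openssl verify -CAfile "$dir/ca.crt" -purpose sslclient "$dir/client.crt" >/dev/null &&
  ! openssl verify -CAfile "$dir/ca.crt" -purpose sslserver "$dir/client.crt" >/dev/null 2>&1
}
```

Run `build_mtls_pki "$(mktemp -d)"` and inspect each file with `openssl x509 -in <file> -noout -text` to see the SANs and key usages that decide which role a certificate may play.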