How to create server.pem, client.pem and ca.pem files?

Hi all,

server.pem, client.pem and ca.pem files are provided in the handouts and we are using them for our homework. I want to create my own pem files. Can someone please guide me on this?

You can create pem files using any key generation tool like openssl, keytool etc. Several commands for these tools are available on Google.

Hi anudeepsp,

You can find the MongoDB requirements for certs here:

https://docs.mongodb.com/manual/tutorial/configure-x509-member-authentication/

David

1 Like

@anudeepsp I followed this post to set up my own replica set with x.509 from scratch. But it needs a little bit of tuning based on the docs David mentioned.

1 Like

Thank you all! Information provided by you all is very helpful.
I did the below to generate the pem files required for this class and it worked :)

/////Creating own pem files for x509 authentication/////

  1. Creating ca pem file

openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

  2. Create config files (in my case it's anudeepsp-ubuntu.txt and the content of the file is mentioned below)

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = anudeepsp-ubuntu

  3. Create server pem file using ca files and config file.

openssl genrsa -out myServer.key 2048
openssl req -new -key myServer.key -out myServer.csr
openssl x509 -req -in myServer.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out myServer.crt -days 1825 -sha256 -extfile anudeepsp-ubuntu.txt
cat myServer.key myServer.crt > myServer.pem

  4. Create client pem file using ca files and config file.

openssl genrsa -out myClient.key 2048
openssl req -new -key myClient.key -out myClient.csr
openssl x509 -req -in myClient.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out myClient.crt -days 1825 -sha256 -extfile anudeepsp-ubuntu.txt
cat myClient.key myClient.crt > myClient.pem

  5. Getting the subject of the client pem file for creating the user

openssl x509 -in myClient.pem -inform PEM -subject -nameopt RFC2253 | grep subject

Then use “CN=anudeepsp,OU=mongodb,O=ASP,L=Bengaluru,ST=Karnataka,C=IN” for creating the user.

2 Likes
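
As an added example (not part of the thread and not the poster's own script), the steps in the post above can be run unattended and then checked: each certificate chains to the CA, the key in a combined pem belongs to its certificate, the server name is in the SAN, and the last step yields the expected subject string. The function names, the "Demo CA" name, the server subject, the generated ca.cnf and the unencrypted CA key are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Host name, server subject and the
# demo CA name are constructed; file names follow the post.

issue() {  # $1 = base name, $2 = subject in -subj form; run inside the PKI dir
    openssl genrsa -out "$1.key" 2048 &&
    openssl req -new -config ca.cnf -key "$1.key" -subj "$2" -out "$1.csr" &&
    openssl x509 -req -in "$1.csr" -CA myCA.pem -CAkey myCA.key -CAcreateserial \
        -out "$1.crt" -days 1825 -sha256 -extfile host.txt &&
    cat "$1.key" "$1.crt" > "$1.pem"
}

make_pki() {  # $1 = output dir, $2 = server host name, $3 = client subject
    ( umask 077; mkdir -p "$1" && cd "$1" || exit 1   # keys readable by owner only
      # Own minimal config, so the CA cert does not depend on the system openssl.cnf.
      printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
          'x509_extensions = v3_ca' '[dn]' 'CN = Demo CA' '[v3_ca]' \
          'basicConstraints = critical,CA:TRUE' \
          'keyUsage = critical,keyCertSign,cRLSign' \
          'subjectKeyIdentifier = hash' > ca.cnf
      # Extension file from the post, with the host name as a parameter.
      printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
          'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
          'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $2" > host.txt
      # The post encrypts the CA key with -des3; omitted here so nothing prompts.
      openssl genrsa -out myCA.key 2048 &&
      openssl req -x509 -new -config ca.cnf -key myCA.key -sha256 -days 1825 -out myCA.pem &&
      issue myServer "/O=ASP/OU=mongodb-server/CN=$2" &&
      issue myClient "$3"
    ) >/dev/null 2>&1
}

chain_ok() {  # $1 = CA cert, $2 = issued cert: does it chain to the CA?
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() {  # $1 = combined pem: does the private key belong to the cert?
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
    b=$(openssl pkey -in "$1" -pubout 2>/dev/null) && [ "$a" = "$b" ]
}

has_san() {  # $1 = cert, $2 = DNS name clients will connect to
    openssl x509 -in "$1" -noout -text | grep -Fq "DNS:$2"
}

user_subject() {  # $1 = client cert: RFC 2253 subject, as in the post's last step
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}
```

Call `make_pki ./pki anudeepsp-ubuntu "/C=IN/ST=Karnataka/L=Bengaluru/O=ASP/OU=mongodb/CN=anudeepsp"` and then run the check functions against the files in `./pki`.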

@anudeepsp

Awesome !

Thanks for sharing

David

Hi,

Could anyone please let us know how to create a key file for internal authentication in a replica set on Windows Server?

Thanks,
Mahesh E

Welcome @Mahesh_Eligedi

It’s recommended to leave old threads alone, this is a 1 year old thread. In addition, your question has no connection to this thread.

Suggest you create your own thread and someone will be able to assist.