Generate Client Certificate (.NET)

This page provides an example of generating a client certificate on Windows using the openssl utility.

Deploy a client certificate for a .NET Client

Start

1. Generate a client certificate:

   openssl req -x509 -days 365 -subj "/C=US/ST=California/L=Daly City/
   CN=clienthost.us.int.genesyslab.com" -newkey rsa:2048 -keyout 
   wscpclientkey.pem -out wscpclient.pem

   The output certificate without a private key, wscpclient.pem, will be given to the WSCP so that it can authenticate the client. The user will be asked to provide a PEM pass phrase, which is later used to export the certificate, along with the key, wscpclientkey.pem, to another format.

2. Export the generated client certificate and the private key into PFX format:

   openssl pkcs12 -export -out wscpclient.pfx -inkey wscpclientkey.pem -in wscpclient.pem

   When exporting to PFX format, the user will be asked to provide a pass phrase (the same as the PEM pass phrase referred to in Step 1) and to set an Export Password, which will be used later.

3. Import the PFX certificate to Personal Certificates for Current User: Import the wscpclient.pfx with Microsoft Management Console and follow the same procedure as used to import the sever certificate (Step 2 of the server certificate procedure), except that you must choose My user account rather than Computer account in Step d. The result will appear as shown below.
   

   Importing PFX Certificate
4. Copy the client certificate to the server host: host: Copy the contents of wscpclient.pem into a file named wscp_clients.pem on the server host.

End