Generate Client Certificate (.NET)
This page provides an example of generating a client certificate on Windows using the openssl utility.
Deploy a client certificate for a .NET Client
- Generate a client certificate:
openssl req -x509 -days 365 -subj "/C=US/ST=California/L=Daly City/ CN=clienthost.us.int.genesyslab.com" -newkey rsa:2048 -keyout wscpclientkey.pem -out wscpclient.pem
The output certificate without a private key, wscpclient.pem, will be given to the WSCP so that it can authenticate the client. The user will be asked to provide a PEM pass phrase, which is later used to export the certificate, along with the key, wscpclientkey.pem, to another format.
- Export the generated client certificate and the private key into PFX format:
openssl pkcs12 -export -out wscpclient.pfx -inkey wscpclientkey.pem -in wscpclient.pem
When exporting to PFX format, the user will be asked to provide a pass phrase (the same as the PEM pass phrase referred to in Step 1) and to set an Export Password, which will be used later.
- Import the PFX certificate to Personal Certificates for Current User: Import the wscpclient.pfx with Microsoft Management Console and follow the same procedure as used to import the sever certificate (Step 2 of the server certificate procedure), except that you must choose My user account rather than Computer account in Step d. The result will appear as shown below.
- Copy the client certificate to the server host: host: Copy the contents of wscpclient.pem into a file named wscp_clients.pem on the server host.