Crezione certificato X509 con estensioni

Crea il file config.cnf:

[req]
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions= usr_cert
req_extensions= v3_req

[usr_cert]
basicConstraints=CA:FALSE
#nsCertType=client, server, email
#keyUsage=nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=serverAuth, clientAuth, codeSigning, emailProtection
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

[v3_req]
#extendedKeyUsage=serverAuth,clientAuth,codeSigning,emailProtection
#basicConstraints = CA:FALSE
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[req_distinguished_name]
countryName                     = Country Name (2 letter code)
countryName_default             = IT
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Italy

localityName                    = Locality Name (eg, city)
localityName_default            = Potenza

0.organizationName              = Organization Name (eg, company)
0.organizationName_default		= Azienda

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default	= Organizzazione Tipo

commonName                      = Common Name (eg, YOUR name)
commonName_default              = Francesco
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default           	= francesco@test.it
emailAddress_max                = 64

[req_attributes]

Lancia il comando:

openssl req -x509 -config config.cnf -nodes -days 730 -newkey rsa:2048 -keyout key.pem -out public.pem