creating self-signed x509 certificate in HP UNIX

First of all, install openssl by using below command-

#swinstall –s /tmp/OpenSSL_A.01.00.02r.001_HP-UX_B.11.31_IA_PA.depot

To check installation: -

#swlist | grep –I openssl

Now you can create self-signed x509 certificate by following below steps: -

1.Run the following OpenSSL command to generate your private key and public certificate and Answer the questions and enter the Common Name when prompted.

# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

2. Review the created certificate:

#openssl x509 -text -noout -in certificate.pem

3. Now you can verify newly created self-signed certificate :-

# openssl verify certificate.pem

Received Output like :-

certificate.pem: C = IN, ST = Himachal Pradesh, L = Shimla, O = SYSNET, OU = JSK, CN = SYSNET, emailAddress = amitesh@jsk.in depth lookup: self-signed certificate

OK

4.Combine your key and certificate in a PKCS#12 (P12) bundle: -

#openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

5.Validate your P2 file.

#openssl pkcs12 -in certificate.p12 -noout -info

for reference
-
# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Generating a RSA private key
.................................+++++
............................................................................................................................................+++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Himachal Pradesh
Locality Name (eg, city) []:Shimla
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SYSNET
Organizational Unit Name (eg, section) []:JSK
Common Name (e.g. server FQDN or YOUR name) []:SYSNET
Email Address []:amitesh@jsk.in
#
#
#
# openssl x509 -text -noout -in certificate.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:e3:9d:6a:1f:43:0f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IN, ST=Himachal Pradesh, L=Shimla, O=SYSNET, OU=JSK, CN=SYSNET/emailAddress=amitesh@jsk.in
        Validity
            Not Before: Mar  7 09:31:38 2020 GMT
            Not After : Mar  7 09:31:38 2021 GMT
        Subject: C=IN, ST=Himachal Pradesh, L=Shimla, O=SYSNET, OU=JSK, CN=SYSNET/emailAddress=amitesh@jsk.in
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c8:44:4f:4d:7b:dd:73:06:3c:e2:ed:24:22:21:
                    f9:dd:1f:32:49:30:1e:40:81:7a:25:cd:12:0d:27:
                    43:8c:00:50:7b:06:a0:46:ba:55:bc:ee:8d:09:d4:
                    8d:bb:24:32:50:73:7f:72:f0:ae:19:b5:ac:28:5f:
                    52:8a:65:fc:86:84:26:83:53:16:25:56:d9:15:33:
                    b3:a6:56:40:57:88:a0:4b:83:33:43:f4:e5:89:99:
                    13:52:ac:b8:65:28:32:88:a2:84:4a:40:58:2a:88:
                    f9:c0:90:38:02:7d:17:4f:73:22:62:8c:21:77:d1:
                    28:71:f5:e5:77:e3:0a:c7:0f:44:4b:8b:68:52:0c:
                    b6:27:7c:8d:24:29:df:6d:1e:be:99:e9:00:f9:18:
                    09:0d:e0:0b:be:95:60:f6:bc:0d:28:a6:f5:00:70:
                    54:db:fb:4c:90:e8:ce:71:06:03:d7:7e:11:d1:20:
                    67:ff:66:60:ac:79:e4:53:86:6b:89:08:1e:81:04:
                    bf:69:5b:82:c0:9e:47:dd:9c:8e:ed:de:1a:8d:9d:
                    37:b2:84:4f:64:e1:3a:5e:22:32:fe:59:5e:d8:1a:
                    dd:86:f6:29:f0:cd:8f:37:ca:13:d9:c2:7c:09:c8:
                    50:42:b8:02:8d:19:3a:5e:66:27:a6:54:eb:89:74:
                    a2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5B:3D:07:5C:A8:26:A0:97:FE:BA:2E:1B:10:E6:0A:5B:42:DC:C8
            X509v3 Authority Key Identifier:
                keyid:1A:5B:3D:07:5C:A8:26:A0:97:FE:BA:2E:1B:10:E6:0A:5B:42:DC:C8

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         65:3e:70:1e:02:47:7b:1f:3b:8e:ab:90:17:1f:d8:05:29:7e:
         72:54:92:b0:ac:0e:84:23:0b:be:c4:65:a3:d4:3c:9b:9f:65:
         cf:70:0f:ec:20:68:bd:2d:45:27:1b:e9:0b:d7:d0:9f:8f:9c:
         0f:1a:0f:f6:ec:1e:58:64:07:80:ef:81:54:b0:d8:5f:fd:37:
         b4:b8:3c:df:56:13:29:e0:5c:b1:cd:27:9d:f6:d8:71:4d:8b:
         ae:18:21:0a:d6:56:5d:c5:b5:80:ad:76:cc:23:87:9c:a4:93:
         79:82:b1:c2:d0:29:ff:b1:04:d9:81:83:4c:de:81:cc:d9:e0:
         54:7f:43:eb:3b:11:f4:58:ea:7c:9a:ca:ea:cd:a3:b6:4b:85:
         1a:20:d2:33:2c:7c:bd:10:0e:4f:9c:7d:1e:76:2e:5a:fb:c4:
         f7:66:e9:08:c2:4b:21:44:14:e6:8d:23:36:18:b8:2c:68:e2:
         c8:dc:59:b8:fd:e1:e9:3d:5a:73:6d:69:cb:43:5b:f2:92:17:
         74:86:3e:4c:f4:c7:d5:cc:89:ec:c9:f1:51:d9:6b:4c:8c:5b:
         08:34:36:a3:04:0d:e7:57:65:4f:93:7c:84:8f:6f:36:73:22:
         9d:63:80:f7:e2:ed:60:c0:08:0f:11:c0:ea:2d:3e:7d:a6:8f:
         e7:fa:73:56
#
#
## openssl verify certificate.pem
certificate.pem: C = IN, ST = Himachal Pradesh, L = Shimla, O = SYSNET, OU = JSK, CN = SYSNET, emailAddress = amitesh@jsk.in
error 18 at 0 depth lookup:self signed certificate
OK
# openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
Enter Export Password:
Verifying - Enter Export Password:
#
#
# openssl pkcs12 -in certificate.p12 -noout -info
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
#
#