Skip to main content

Code Signing

Below are the steps to create a code signing certificate using OpenSSL and an established EasyRSA CA.

# Step 1: Generate either an RSA or an EC private key... pick one...
openssl genrsa -out SuperCodeSigning.key
openssl ecparam -name secp384r1 -genkey -noout -out SuperCodeSigning.key
openssl ecparam -name secp521r1 -genkey -noout -out SuperCodeSigning.key

# Step 2: Make certificate request.
openssl req -new -key SuperCodeSigning.key -out SuperCodeSigning.req

# Step 3: Import certificate request to easyrsa.
easyrsa import-req SuperCodeSigning.req SuperCodeSigning

# Step 4: Sign certificate request, and make SPC certificate.
easyrsa sign-req code-signing SuperCodeSigning

# Step 5: Make PFX.
openssl pkcs12 -export -out SuperCodeSigning.pfx -inkey SuperCodeSigning.key -in SuperCodeSigning.crt -certfile SigningCA.crt

 

#end

Back to top