tests/certificate-authority/ec/certificate_generation.txt - pulsar - Git at Google

 # CA Private Key
 openssl ecparam -name secp256r1 -genkey  -out ca.key.pem
 # Request certificate
 openssl req -x509 -new -nodes -key ca.key.pem -subj "/CN=CARoot" -days 3650 -out ca.cert.pem

 # Server Private Key
 openssl ecparam -name secp256r1 -genkey  -out server.key.pem
 # Convert to pkcs8
 openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key.pem -out server.key-pk8.pem -nocrypt
 # Request certificate
 openssl req -new -config server.conf -key server.key.pem -out server.csr.pem -sha256
 # Sign with CA
 openssl x509 -req -in server.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 3650 -extensions v3_ext -extfile server.conf -sha256

 # Broker internal client Private Key
 openssl ecparam -name secp256r1 -genkey  -out broker_client.key.pem
 # Convert to pkcs8
 openssl pkcs8 -topk8 -inform PEM -outform PEM -in broker_client.key.pem -out broker_client.key-pk8.pem -nocrypt
 # Request certificate
 openssl req -new -subj "/CN=broker_client" -key broker_client.key.pem -out broker_client.csr.pem -sha256
 # Sign with CA
 openssl x509 -req -in broker_client.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out broker_client.cert.pem -days 3650 -sha256


 # Client Private Key
 openssl ecparam -name secp256r1 -genkey  -out client.key.pem
 # Convert to pkcs8
 openssl pkcs8 -topk8 -inform PEM -outform PEM -in client.key.pem -out client.key-pk8.pem -nocrypt
 # Request certificate
 openssl req -new -subj "/CN=client" -key client.key.pem -out client.csr.pem -sha256
 # Sign with CA
 openssl x509 -req -in client.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 3650 -sha256
	# CA Private Key
	openssl ecparam -name secp256r1 -genkey -out ca.key.pem
	# Request certificate
	openssl req -x509 -new -nodes -key ca.key.pem -subj "/CN=CARoot" -days 3650 -out ca.cert.pem

	# Server Private Key
	openssl ecparam -name secp256r1 -genkey -out server.key.pem
	# Convert to pkcs8
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key.pem -out server.key-pk8.pem -nocrypt
	# Request certificate
	openssl req -new -config server.conf -key server.key.pem -out server.csr.pem -sha256
	# Sign with CA
	openssl x509 -req -in server.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 3650 -extensions v3_ext -extfile server.conf -sha256

	# Broker internal client Private Key
	openssl ecparam -name secp256r1 -genkey -out broker_client.key.pem
	# Convert to pkcs8
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in broker_client.key.pem -out broker_client.key-pk8.pem -nocrypt
	# Request certificate
	openssl req -new -subj "/CN=broker_client" -key broker_client.key.pem -out broker_client.csr.pem -sha256
	# Sign with CA
	openssl x509 -req -in broker_client.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out broker_client.cert.pem -days 3650 -sha256


	# Client Private Key
	openssl ecparam -name secp256r1 -genkey -out client.key.pem
	# Convert to pkcs8
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in client.key.pem -out client.key-pk8.pem -nocrypt
	# Request certificate
	openssl req -new -subj "/CN=client" -key client.key.pem -out client.csr.pem -sha256
	# Sign with CA
	openssl x509 -req -in client.csr.pem -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 3650 -sha256