Cloning X.509 Certificates

takeshix edited this page May 13, 2018 · 3 revisions

The x509certificatecloner plugin clones X.509 certificates. It creates a certificate with exactly the same properties as the original one, but with a new, randomly generated RSA public key, and saves the new certificate and the generated private key to output files. The following example uses GitHub's certificate, which can be retrieved as follows:

openssl s_client -showcerts -connect github.com:443 </dev/null >cert

Printing the plugin help

deen x509clone -h

Clone a self-signed certificate

The default mode -s creates a new self-signed certificate:

deen x509clone cert -s

This will result in three new files:

  • cloned_cert: The new private key.
  • cloned_cert.cert: The new certificate.
  • cloned_cert.pem: Both the new private key and certificate in a single file.

Clone a certificate signed with a CA cert/key

Instead of creating a self-signed certificate, it is possible to sign the cloned certificate with a specific CA:

deen x509clone cert ca.crt ca.key
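
Because a clone keeps the original's properties and only swaps in a new public key, comparing subject, issuer or serial cannot tell the two apart, while a hash over the SubjectPublicKeyInfo can. The following is an added example (not part of deen or this wiki) that classifies a presented certificate against a known-good one; the function names are hypothetical and the sample inputs are constructed DER skeletons, not real certificates.

```python
import hashlib

def read_tlv(buf, off):
    """Read one DER TLV header at off; return (tag, value_start, end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def cert_fields(der):
    """Raw DER of serial, issuer, subject and SubjectPublicKeyInfo."""
    _, start, _ = read_tlv(der, 0)       # Certificate SEQUENCE
    _, off, end = read_tlv(der, start)   # TBSCertificate SEQUENCE
    parts = []
    while off < end:
        tag, _, nxt = read_tlv(der, off)
        if parts or tag != 0xA0:         # skip the optional leading [0] version
            parts.append(der[off:nxt])
        off = nxt
    serial, _alg, issuer, _validity, subject, spki = parts[:6]
    return {"serial": serial, "issuer": issuer, "subject": subject, "spki": spki}

def spki_pin(der):
    return hashlib.sha256(cert_fields(der)["spki"]).hexdigest()  # changes with the key

def classify(known_good, presented):
    a, b = cert_fields(known_good), cert_fields(presented)
    if a["spki"] == b["spki"]:
        return "same-key"
    same_ids = all(a[k] == b[k] for k in ("serial", "issuer", "subject"))
    return "clone-suspect" if same_ids else "different-cert"

# Constructed sample data: minimal DER skeletons, not real certificates.
def enc(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only
def sample_cert(key, cn):
    name = enc(0x30, enc(0x0C, cn))        # simplified stand-in for a Name
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01\x23")
              + enc(0x30, b"") + name + enc(0x30, b"") + name
              + enc(0x30, enc(0x03, b"\x00" + key)))
    return enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))

ORIGINAL = sample_cert(b"\x11" * 8, b"example.test")
CLONE = sample_cert(b"\x22" * 8, b"example.test")   # same fields, new key
OTHER = sample_cert(b"\x33" * 8, b"other.test")
if __name__ == "__main__":
    for der in (ORIGINAL, CLONE, OTHER):
        print(classify(ORIGINAL, der), spki_pin(der)[:16])
```

For real certificates, convert a PEM block to DER with ssl.PEM_cert_to_DER_cert() before passing it to classify().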