Linux Server Tech (provided by Daily Data, Inc)

Generate your own signed ssl key

This was taken directly (copy/paste) from https://tapasmishra.wordpress.com/2012/06/14/how-to-create-ca-and-self-signed-certificate-with-openssl/. I will be modifying it as I go along, but the original comes from Tapas Mishra, who did all the research; I'm just stealing it!

 

Steps to create a self-signed certificate:

================================

Generate a server key:

openssl genrsa -des3 -out server.key 4096

create a certificate signing request

openssl req -new -key server.key -out server.csr

Now sign the certificate signing request

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Make a version of the server.key which doesn’t need a password:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

 

Steps to create a self-signed certificate with CA:

=======================================

Generate your own CA (Certificate Authority)

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Generate a server key and request for signing (csr).

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Sign the certificate signing request (csr) with the self-created Certificate Authority (CA) that you made earlier.

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Make a server.key which doesn’t cause Apache to prompt for a password.

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

Last update:
2012-09-06 07:42
Author:
Rod
Revision:
1.0
Average rating:0 (0 Votes)

You cannot comment on this entry

Chuck Norris has counted to infinity. Twice.