Creating a self-signed SSL certificate: Difference between revisions

From Notes to self
Jump to navigation Jump to search
← Older editNewer edit →
Verbovet (talk | contribs)
Bureaucrats, Interface administrators, Administrators
2,627 edits
No edit summary
No edit summary
Line 2: Line 2:
**<code>$ openssl req -new -x509 -sha256 -days 10000 -nodes -out server.crt -keyout server.key</code>
**<code>$ openssl req -new -x509 -sha256 -days 10000 -nodes -out server.crt -keyout server.key</code>
**Set the Common Name (CN) to the FQDN and enter "." for everything else.
**Set the Common Name (CN) to the FQDN and enter "." for everything else.
*Make a CA and sign a server certificate with it
*Creating a CA and sign a server certificate with it
**openssl genrsa -out myCA.key 2048
**openssl genrsa -out myCA.key 2048
**openssl req -new -x509 -sha256 -days 10000 -nodes -key myCA.key -out myCA.crt
*Put files <code>server.crt</code> and <code>server.key</code> to <code>/etc/httpd/</code> (on Slackware) and set their permissions to 400.
*Put files <code>server.crt</code> and <code>server.key</code> to <code>/etc/httpd/</code> (on Slackware) and set their permissions to 400.


[[Category: Linux]]
[[Category: Linux]]

Revision as of 19:42, 13 June 2015

  • Without making a CA (Certificate Authority)
    • $ openssl req -new -x509 -sha256 -days 10000 -nodes -out server.crt -keyout server.key
    • Set the Common Name (CN) to the FQDN and enter "." for everything else.
  • Creating a CA and sign a server certificate with it
    • openssl genrsa -out myCA.key 2048
    • openssl req -new -x509 -sha256 -days 10000 -nodes -key myCA.key -out myCA.crt
  • Put files server.crt and server.key to /etc/httpd/ (on Slackware) and set their permissions to 400.
Retrieved from "https://alik.ejik.org/index.php?title=Creating_a_self-signed_SSL_certificate&oldid=1223"