Creating a self-signed SSL certificate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
===This is outdated. Better use [[Let’s Encrypt]]!=== | |||
*There are 2 possibilities: | *There are 2 possibilities: | ||
#to self-sign a server certificate or | #to self-sign a server certificate or | ||
Latest revision as of 14:00, 23 November 2016
This is outdated. Better use Let’s Encrypt!
- There are 2 possibilities:
- to self-sign a server certificate or
- make a CA (Certificate Authority) and sign a server certificate with it
- Without a CA:
$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out server.crt -keyout server.key- Set the Common Name (CN) to the FQDN and enter "." for everything else.
- Creating a CA and sign a server certificate with it:
$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key- Set the Common Name (CN) to something like "ACME root certificate" and enter "." for everything else.
$ openssl req -new -sha256 -newkey rsa:2048 -nodes -out server.csr -keyout server.key- Set the Common Name (CN) to the FQDN and enter "." for everything else.
$ openssl x509 -req -sha256 -in server.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out server.crt -days 10000
- Put files
server.crtandserver.keyto/etc/httpd/(on Slackware) and set their permissions to 400.