Creating a self-signed SSL certificate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
*Creating a CA and sign a server certificate with it: | *Creating a CA and sign a server certificate with it: | ||
**<code>$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key</code> | **<code>$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key</code> | ||
**<code>$ openssl genrsa -out server.key 2048</code> | |||
**<code>$ </code> | |||
**<code>$ </code> | |||
**<code>$ </code> | |||
**<code>$ </code> | |||
**<code>$ </code> | |||
*Put files <code>server.crt</code> and <code>server.key</code> to <code>/etc/httpd/</code> (on Slackware) and set their permissions to 400. | *Put files <code>server.crt</code> and <code>server.key</code> to <code>/etc/httpd/</code> (on Slackware) and set their permissions to 400. | ||
[[Category: Linux]] | [[Category: Linux]] | ||
Revision as of 20:01, 13 June 2015
- There are 2 possibilities:
- self-sign a server certificate or
- make a CA (Certificate Authority) and sign a server certificate with it
- Without a CA:
$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out server.crt -keyout server.key- Set the Common Name (CN) to the FQDN and enter "." for everything else.
- Creating a CA and sign a server certificate with it:
$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key$ openssl genrsa -out server.key 2048$$$$$
- Put files
server.crtandserver.keyto/etc/httpd/(on Slackware) and set their permissions to 400.