Creating a self-signed SSL certificate: Difference between revisions

Revision as of 20:03, 13 June 2015

Without a CA:
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out server.crt -keyout server.key
- Set the Common Name (CN) to the FQDN and enter "." for everything else.
Creating a CA and sign a server certificate with it:
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key
- $ openssl genrsa -out server.key 2048
- $ openssl req -new -key server.key -out server.csr
- Set the Common Name (CN) to something like "ACME root certificate" and enter "." for everything else.
- $ openssl x509 -req -sha256 -in server.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out server.crt -days 10000
Put files server.crt and server.key to /etc/httpd/ (on Slackware) and set their permissions to 400.

@@ Line 8: / Line 8: @@
 **<code>$ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key</code>
 **<code>$ openssl genrsa -out server.key 2048</code>
-**<code>$ </code>
+**<code>$ openssl req -new -key server.key -out server.csr</code>
-**<code>$ </code>
+**Set the Common Name (CN) to something like "ACME root certificate" and enter "." for everything else.
-**<code>$ </code>
+**<code>$ openssl x509 -req -sha256 -in server.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out server.crt -days 10000</code>
-**<code>$ </code>
-**<code>$ </code>
 *Put files <code>server.crt</code> and <code>server.key</code> to <code>/etc/httpd/</code> (on Slackware) and set their permissions to 400.
 [[Category: Linux]]