Creating a self-signed SSL certificate

From Notes to self

Revision as of 19:53, 13 June 2015 by Verbovet (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

There are 2 possibilities: make a CA (Certificate Authority) and sign a server certificate with it or simply self-sign a server certificate.

Without making a CA (Certificate Authority):
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out server.crt -keyout server.key
- Set the Common Name (CN) to the FQDN and enter "." for everything else.
Creating a CA and sign a server certificate with it:
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key

Put files server.crt and server.key to /etc/httpd/ (on Slackware) and set their permissions to 400.

Retrieved from "https://alik.ejik.org/index.php?title=Creating_a_self-signed_SSL_certificate&oldid=1225"

Linux