Create Private Key, Certificate Request and (optionally) self-signed cert using OpenSSL 
Monday, 11 February 2013, 20:00 - Apache Stuff, OpenSSL
Posted by Administrator
First, set the common name (CN, ~FQDN) for the certificate:
CN=host.domain.tld

Change to the directory where you would like to store the data relevant for certificates, e.g.:
cd /etc/ssl

Then create a private key:
openssl genrsa -out private/${CN}.key 2048

Generate the signing Request, either:
a) interactively, you'll have to answer some questions...:
openssl req -new -key private/${CN}.key -out ${CN}.csr

b) using a customized openssl config file:
openssl req -new -config ${CN}-openssl.cnf -key private/${CN}.key -out ${CN}.csr

Now you may either:
a) send the certificate request to an (official or internal) Certificate Authority to sign the Certificate

b) for testing purposes only, you can also self-sign the certificate:
openssl x509 -req -days 1825 -in ${CN}.csr -signkey private/${CN}.key -out certs/${CN}.crt

When you have received signed (or self-signed) certificate, you can copy all the files to the appropriate location.

Probably you have to create a combined pkcs#12 (.p12, .pfx) file, containing private key and certificates:
openssl pkcs12 -export -in ${CN}.crt -certfile cafile.pem -inkey ${CN}.key -out ${CN}.pfx
(where cafile.pem is the ca certificate bundle of issuing certificate authority)

Clear the shell variable for the Common Name:
CN=

add comment ( 2042 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 1046 )

<<First <Back | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Next> Last>>