Create Private Key, Certificate Request and (optionally) self-signed cert using OpenSSL 
Monday, 11 February 2013, 20:00 - Apache Stuff, OpenSSL
Posted by Administrator
First, set the common name (CN, ~FQDN) for the certificate:
CN=host.domain.tld

Change to the directory where you would like to store the data relevant for certificates, e.g.:
cd /etc/ssl

Then create a private key:
openssl genrsa -out private/${CN}.key 2048

Generate the certificate signing request (CSR), either:
a) interactively (you'll have to answer some questions):
openssl req -new -key private/${CN}.key -out ${CN}.csr

b) using a customized openssl config file:
openssl req -new -config ${CN}-openssl.cnf -key private/${CN}.key -out ${CN}.csr

Now you may either:
a) send the certificate request to an (official or internal) Certificate Authority to sign the Certificate

b) for testing purposes only, you can also self-sign the certificate:
openssl x509 -req -days 1825 -in ${CN}.csr -signkey private/${CN}.key -out certs/${CN}.crt

Once you have the signed (or self-signed) certificate, you can copy all the files to the appropriate location.

You will probably have to create a combined PKCS#12 (.p12, .pfx) file containing the private key and the certificates:
openssl pkcs12 -export -in ${CN}.crt -certfile cafile.pem -inkey ${CN}.key -out ${CN}.pfx
(where cafile.pem is the CA certificate bundle of the issuing certificate authority)

Clear the shell variable for the Common Name:
CN=
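
Variant b) end to end, as an added example that is not part of the original post: it writes a minimal config file for `openssl req -config`, runs the post's commands without prompts, and checks that key, CSR and certificate carry the same public key before they are combined into a PKCS#12 file. The function names, the [dn] values and the directory argument are assumptions.

```sh
# Added example; the CN value passed in, the [dn] fields and the work
# directory are constructed placeholders, not values from the post.

# Succeeds only if key, CSR and certificate carry the same public key.
same_pubkey() {  # usage: same_pubkey KEY CSR CRT
    k=$(openssl rsa  -in "$1" -pubout 2>/dev/null) || return 1
    r=$(openssl req  -in "$2" -noout -pubkey)      || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey)      || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Variant b) of the post, without prompts, inside directory DIR.
make_request() {  # usage: make_request CN DIR
    CN="$1"; dir="$2"
    mkdir -p "$dir/private" "$dir/certs" || return 1

    # prompt = no makes "openssl req" take the subject from [dn]
    cat > "$dir/${CN}-openssl.cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn

[dn]
C  = XX
O  = Example Org
CN = ${CN}
EOF

    # umask 077 so the private key is never group- or world-readable
    ( umask 077
      openssl genrsa -out "$dir/private/${CN}.key" 2048 2>/dev/null ) || return 1

    openssl req -new -config "$dir/${CN}-openssl.cnf" \
        -key "$dir/private/${CN}.key" -out "$dir/${CN}.csr" || return 1

    # Self-signed certificate, for testing purposes only
    openssl x509 -req -days 1825 -in "$dir/${CN}.csr" \
        -signkey "$dir/private/${CN}.key" -out "$dir/certs/${CN}.crt" 2>/dev/null
}
```

Running `same_pubkey` on the key and on the certificate returned by a CA catches a mismatched pair before it is exported or installed.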

Simple SSL Certificate Authority 
Monday, 22 March 2004, 00:00 - Tools & more, OpenSSL
Posted by Administrator
Sometimes, you need some SSL certificates for providing SSL encrypted pages.

You can obtain a server certificate from Verisign or Entrust but they're quite expensive.

Or you can make them yourself. Here are some tools to get there. I won't provide any information about cryptology, nor will you find a professional PKI solution here.

Creating your "own CA" only makes sense for sites where encryption should be in place without providing officially trusted credentials. Every user connecting to your secured site gets a warning message each time they connect, until they manually accept your CA certificate.

First you need OpenSSL, the code which deals with digital certificates.
For information on the command options of the OpenSSL tools, look at the OpenSSL Documentation (from openssl.org).
Then get the SSL CA-Tools 0.2. This is a slightly modified version, so you can also renew certificates easily.
If you prefer to use the original version, you can find it here: SSL CA-Tools.

The SSL CA-Tools are easy-to-use scripts which query the necessary information in a dialog and execute the appropriate openssl commands. Untar them somewhere, e.g. under your openssl directory, look at the README, create a self-signed CA certificate, then create user and server certificates and finally sign them with your CA key.