BreadCrumbs: OpenSSL
OpenSSL
From Luke Jackson
(Difference between revisions)
| Revision as of 03:20, 14 November 2011 (edit) Ljackson (Talk | contribs) (→Example) ← Previous diff |
Revision as of 17:02, 13 August 2012 (edit) Ljackson (Talk | contribs) (→Example) Next diff → |
||
| Line 38: | Line 38: | ||
| openssl genrsa -des3 -out ssl.key/server.key 1024 | openssl genrsa -des3 -out ssl.key/server.key 1024 | ||
| openssl rsa -noout -text -in ssl.key/server.key | openssl rsa -noout -text -in ssl.key/server.key | ||
| - | openssl rsa -in ssl.key/server.key -out server.key.unsecure | + | openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure |
| mv ssl.key/server.key ssl.key/server.key.bk | mv ssl.key/server.key ssl.key/server.key.bk | ||
| mv ssl.key/server.key.unsecure ssl.key/server.key | mv ssl.key/server.key.unsecure ssl.key/server.key | ||
| - | openssl req -new -key ../ssl.key/server.key -out ssl.csr/server.csr | + | openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr |
| openssl req -noout -text -in ssl.csr/server.csr | openssl req -noout -text -in ssl.csr/server.csr | ||
| openssl x509 -req -days 730 -in ssl.csr/server.csr -signkey ssl.key/server.key -out ssl.crt/server.crt | openssl x509 -req -days 730 -in ssl.csr/server.csr -signkey ssl.key/server.key -out ssl.crt/server.crt | ||
Revision as of 17:02, 13 August 2012
Generate Self-Signed Certificate
Create a RSA private key for your CA (will be Triple-DES encrypted and PEM formatted)
openssl genrsa -des3 -out server.key 1024
You can see the details of this RSA private key via the command:
openssl rsa -noout -text -in ca.key
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
openssl req -new -key server.key -out server.csr
You can see the details of this CSR via the command
openssl req -noout -text -in server.csr
You can create a decrypted PEM version (not recommended) of this private key via:
openssl rsa -in ca.key -out ca.key.unsecure
If you want to run apache without a password rename it correctly:
mv server.unsecure server.key
Generate apache mod_ssl certificate:
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
Verify contents of certificate:
openssl x509 -noout -text -in server.crt
Example
mv ssl.key/server.key ssl.key/server.key.bk openssl genrsa -des3 -out ssl.key/server.key 1024 openssl rsa -noout -text -in ssl.key/server.key openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure mv ssl.key/server.key ssl.key/server.key.bk mv ssl.key/server.key.unsecure ssl.key/server.key openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr openssl req -noout -text -in ssl.csr/server.csr openssl x509 -req -days 730 -in ssl.csr/server.csr -signkey ssl.key/server.key -out ssl.crt/server.crt openssl x509 -noout -text -in ssl.crt/server.crt