BreadCrumbs: OpenSSL

OpenSSL

From Luke Jackson

(Difference between revisions)
Jump to: navigation, search
Revision as of 04:20, 14 July 2008 (edit)
Ljackson (Talk | contribs)

← Previous diff
Revision as of 04:24, 14 July 2008 (edit)
Ljackson (Talk | contribs)

Next diff →
Line 7: Line 7:
You can see the details of this RSA private key via the command: You can see the details of this RSA private key via the command:
- openssl rsa -noout -text -in ca.key + openssl rsa -noout -text -in ca.key
 + 
 +Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
openssl req -new -key server.key -out server.csr openssl req -new -key server.key -out server.csr
 +
 +You can see the details of this CSR via the command
 +
 + openssl req -noout -text -in server.csr
You can create a decrypted PEM version (not recommended) of this private key via: You can create a decrypted PEM version (not recommended) of this private key via:

Revision as of 04:24, 14 July 2008

Generate Self-Signed Certificate

Create a RSA private key for your CA (will be Triple-DES encrypted and PEM formatted)

openssl genrsa -des3 -out server.key 1024

You can see the details of this RSA private key via the command:

openssl rsa -noout -text -in ca.key

Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):

openssl req -new -key server.key -out server.csr

You can see the details of this CSR via the command

openssl req -noout -text -in server.csr 

You can create a decrypted PEM version (not recommended) of this private key via:

openssl rsa -in ca.key -out ca.key.unsecure

If you want to run apache without a password rename it correctly:

mv server.unsecure server.key

Generate apache mod_ssl certificate:

openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt


Verify contents of certificate:

openssl x509 -noout -text -in server.crt


Sources

Personal tools