Generate self-signed cert openssl

Problem

You want to generate a self-signed certificate, for use with a web server.

This will allow you to communicate with your web server over HTTPS, effectively encrypting your traffic.



Solution

The very first time – you need to set up your own CA (certifying authority). Do this one time only!

[ See a run through screen shot here ] [ See the code here ]

Then create a certificate request – which can be sent off to Verisign, etc or self-signed.



Example


To create a certificate request:

openssl req -new -days 730 -keyout keyna.pem -out keyna.pem

[ See a run through screen shot here ]

Self-sign the request – only do this if you are not sending off to a CA such as Verisign.

openssl ca -policy policy_anything -days 730 -out certna.pem -infiles keyna.pem

[ See a run through screen shot here ]

If you get 'unable to write random state', try this: look for command ssh-rand-helper usually under ssh install directories (or if ~/.ssh/.prng_seed exists – you can just link to it or copy it to $HOME).

ssh-rand-helper -b 1024 > $HOME/.prng_seed

To strip the password out, for restarts:
openssl rsa -in keyna.key -out keyna.key.unsecure



Reference

[tags]openssl, encryption, tripleDES, passwords, Unix Coding School[/tags]



1 thought on “Generate self-signed cert openssl”

Leave a Reply

Your email address will not be published. Required fields are marked *