Contained within an SSL certificate is information that pertains to you and your secured domain. Let's imagine that you have a web hosting company called Spider, with the details shown below.
Country Name (2 letter code): UK
State or Province Name (full name): Surrey
Location Name (city): Camberley
Organisation Name (company): Spider Web Hosting
Organisation Unit Name (section): IT Support
Common Name (your domain name): spiderwebhosting.com
Email Address (): [email protected]
A challenge password: leave blank
An optional company name: leave blank
Generate a Private Key and Certificate Signing Request
Here we generate a Certificate Signing Request and populate it with our details. The -nodes flag tells openssl to create a private key that does not require a pass-phrase. Omitting this flag means you will be prompted for a pass-phrase every time the key is used. If the key is installed on Apache, that means entering it every time the Apache service is restarted.
openssl req -new -nodes > spiderwebhosting.com.csr
The above command will generate the CSR and the private key in your current directory.
spiderwebhosting.com.csr
privkey.pem
Generate the Certificate
To generate a certificate, you need a Certificate Signing Request and a private key. The command below creates a certificate valid for 365 days, called spiderwebhosting.com.cert, in your current working directory.
openssl x509 -in spiderwebhosting.com.csr -out spiderwebhosting.com.cert -req -signkey privkey.pem -days 365
Make sure that the private key is not world-readable but the certificate is.
chmod go-rwx privkey.pem
The above command removes read, write and execute permissions from the group and other users, leaving the private key accessible only to its owner.
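The same steps can be run without the interactive prompts and then checked. The script below is an added example, not part of the original article: the function names are hypothetical, the subject fields are the sample details listed earlier, and the 2048-bit RSA key size and the explicit -keyout/-out file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# the subject fields are the page's sample values for Spider Web Hosting.
SUBJ='/C=UK/ST=Surrey/L=Camberley/O=Spider Web Hosting/OU=IT Support/CN=spiderwebhosting.com'

# make_self_signed DIR NAME: write DIR/privkey.pem, DIR/NAME.csr, DIR/NAME.cert
make_self_signed() (
    cd "$1" || exit 1
    umask 077    # files created here start owner-only, so the key is never exposed
    # -subj answers the prompts; -keyout names the key file explicitly.
    # rsa:2048 is an assumed key size, the page does not state one.
    openssl req -new -nodes -newkey rsa:2048 -subj "$SUBJ" \
        -keyout privkey.pem -out "$2.csr" || exit 1
    openssl x509 -req -in "$2.csr" -signkey privkey.pem -days 365 \
        -out "$2.cert" || exit 1
    chmod 600 privkey.pem    # private key: owner only
    chmod 644 "$2.cert"      # certificate: public, world-readable
)

# key_is_private FILE: succeed only if group and other have no permission bits
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh selfsigned.sh DIR   (does nothing when run without arguments)
if [ "$#" -ge 1 ]; then
    make_self_signed "$1" spiderwebhosting.com &&
    key_is_private "$1/privkey.pem" &&
    key_matches_cert "$1/privkey.pem" "$1/spiderwebhosting.com.cert" &&
    echo "key and certificate written to $1 and verified"
fi
```

Setting the umask before the key is created closes the window in which a freshly written privkey.pem would otherwise be readable by other users until chmod runs.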