Wednesday, 3 June 2009

Super quick guide for creating self-signed certificates

Something I've done many times, but every time it's typically been so long in between that I've usually forgotten the specific details, so here is a super quick crib:

Create the private keys:

openssl genrsa -des3 -out server1.key 1024

Create a Certificate Signing Request (CSR):

openssl req -new -key server1.key -out server1.csr

Enter details, example below:

Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Kent
Locality Name (eg, city) []:Royal Tunbridge Wells
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Acme Co
Organizational Unit Name (eg, section) []:Financial Systems
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Copy the passphrase protected key:

cp server1.key

Export the actual key without pass-phrase protection:

openssl rsa -in -out server1.key

Sign the CSR using the key to create a Certificate (.crt):

openssl x509 -req -days 365 -in server1.csr -signkey server1.key -out server1.crt

Easy huh! :)


No comments: