Quantcast
Channel: Musings of a Beardy Gnome « Musings of a Beardy Gnome
Viewing all articles
Browse latest Browse all 11

Self-Signed Server Certificates

0
0

Creating a self-signed server certificate is easy, but I’m going to document it here for next time I need to know!

Step 1: Generate the keys to be used to sign the certificate.
openssl genrsa -des3 -out server.key 1024
Enter a passphrase when prompted.

Step 2: Create a passphrase-less version of the key, so you don’t need to enter the passphrase when starting the secure services.
openssl rsa -in server.key -out server.key.insecure

Step 3: Swap the two keys over.
mv server.key server.key.orig
mv server.key.insecure server.key

Step 4: Create the Certificate Signing Request (CSR).
openssl req -new -key server.key -out server.csr
Enter the details when prompted.

Step 5: Submit the CSR to a Certificate Authority for processicng, or sign it yourself (see below).
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
“-days” is the number of days the certificate is valid for, in this case, 1 year.

Step 6: Install the certificate.
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

And that’s it. Don’t forget to set up the ssl site and enable the ssl module (a2enmod ssl) in apache and restart any services using the certificate, such as your apache etc.


Viewing all articles
Browse latest Browse all 11

Latest Images

Trending Articles





Latest Images