Pages

Tuesday, November 3, 2015

Creating self-signed SSL certificate


  • Generate a private key

$ openssl genrsa -des3 -out server.key 1024

You have to provide pass phrase which incorporated the private key

  • Generate Certificate Signing Request (CSR)


$ openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SL
State or Province Name (full name) [Some-State]:Western
Locality Name (eg, city) []:CMB
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WSO2
Organizational Unit Name (eg, section) []:BRS
Common Name (e.g. server FQDN or YOUR name) []:wso2.brs.com
Email Address []:milindap@wso2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

For the Common Name (CN), you have to provide fully qualified domain name of the server. In above example the expected server url in https://wso2.brs.com/, hence proved the wso2.brs.com as the CN.

  • Create self-signed certificate

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok
subject=/C=SL/ST=Western/L=CMB/O=WSO2/OU=BRS/CN=wso2.brs.com/emailAddress=milindap@wso2.com
Getting Private key
Enter pass phrase for server.key:

This will create server.crt certificate. 

No comments:

Post a Comment