Re: genkey segfaults when creating new cert


 



Alex wrote:

> What are the steps to create a self-signed certificate for apache?


These are my notes for CentOS 5, but they should still apply.  The
view/verify steps are not strictly necessary, but they are useful for
checking your work as you go along.

  Create a Self-Signed SSL Certificate
  ------------------------------------

  * Create an RSA Private Key
    # openssl genrsa -des3 -rand /dev/urandom -out www.example.com.key 2048
    Enter pass phrase for www.example.com.key:
    Verifying - Enter pass phrase for www.example.com.key:

    * Create a Decrypted PEM Version of the RSA Private Key
      # openssl rsa -in www.example.com.key -out www.example.com.key.unsecure
      Enter pass phrase for www.example.com.key:

    * View the Details of the RSA Private Key
      # openssl rsa -noout -text -in www.example.com.key
      # cat www.example.com.key.unsecure

  * Create a PEM Formatted Certificate Signing Request (CSR)
    # openssl req -new -key www.example.com.key -out www.example.com.csr
    Enter pass phrase for www.example.com.key:
    -----
    Country Name (2 letter code) [GB]:GB
    State or Province Name (full name) [Berkshire]:Berkshire
    Locality Name (eg, city) [Newbury]:Newbury
    Organization Name (eg, company) [My Company Ltd]:My Company Ltd
    Organizational Unit Name (eg, section) []:Secure Server
    Common Name (eg, your name or your server's hostname) []:www.example.com
    Email Address []:.
  
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

    * View the Details of the CSR
      # openssl req -noout -text -in www.example.com.csr
      # cat www.example.com.csr

  * Self-Sign the Certificate
    * Note: A self-signed certificate will cause browsers to generate
            a security warning.
    # openssl x509 -req -days 365 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt
    Enter pass phrase for www.example.com.key:

  * Verify and View the Signed Certificate
    * The results of the following two commands should be identical:
      # openssl x509 -noout -modulus -in www.example.com.crt | openssl sha1
      # openssl rsa -noout -modulus -in www.example.com.key | openssl sha1
    # openssl x509 -noout -text -in www.example.com.crt
    # cat www.example.com.crt

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
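
Added example, not part of the original message: a non-interactive sh version of the key, CSR and self-sign steps above, with the modulus comparison turned into a function that also catches a failed read. The function names, the pass-phrase source argument and the use of -subj are assumptions for illustration; the -extfile/-extensions options from the notes are left out because that config path is distribution-specific.

```shell
#!/bin/sh
# Added example. Host name, subject fields and pass phrase are sample values.
# PASSIN is an openssl pass-phrase source such as env:KEY_PASS or file:/path;
# pass:... also works but exposes the phrase in the process list.

# Create HOST.key (encrypted), HOST.csr and HOST.crt (self-signed) in DIR.
make_self_signed() (   # usage: make_self_signed DIR HOST PASSIN
    dir=$1 host=$2 passin=$3
    umask 077          # key material readable by the owner only
    openssl genrsa -des3 -passout "$passin" -out "$dir/$host.key" 2048 &&
    openssl req -new -key "$dir/$host.key" -passin "$passin" \
        -subj "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=Secure Server/CN=$host" \
        -out "$dir/$host.csr" &&
    openssl x509 -req -days 365 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -passin "$passin" \
        -out "$dir/$host.crt"
)

# Return 0 if CERT was issued for KEY, 1 if the moduli differ,
# 2 if either file could not be read (wrong pass phrase, bad file).
# Checking the exit status matters: piping a failed command into a digest
# would hash empty input on both sides and report a false match.
cert_matches_key() {   # usage: cert_matches_key CERT KEY PASSIN
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" -passin "$3" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Typical use (KEY_PASS exported beforehand):
#   make_self_signed /etc/pki/tls/private www.example.com env:KEY_PASS
#   cert_matches_key www.example.com.crt www.example.com.key env:KEY_PASS
```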

