13
Aug
09

Creating a Web Server Certificate


This site is a collaborative effort! The complete text and sourcecode for this is available on GitHub. Corrections and enhancements are welcome, please make the change and submit a pull request in the comment area below.

Creating a certificate is a 2 step process

  • Generate a certificate Request
  • Sign a request with a CA’s signature

Requirements

Creating a private key and Certificate Request

openssl req -new -keyout pw-protected-privkey.pem -out my-server.csr -days 365

# provide the hostname of the server as the Common Name when creating the certificate.

pw-protected-privkey.pem : private key
newreq.pem : CSR

Remove the password from the server’s private key (unless you want the server to ask you each time)

openssl rsa -in pw-protected-privkey.pem -out my-server-private-key.pem

sign the csr using your own CA

You now have to send this Certificate Signing Request (CSR) to a
Certifying Authority (CA) for signing. The result is then a real
Certificate which can be used for Apache.

Or you can sign it using your own CA

openssl ca -verbose -in my-server.csr -out my-server.cert -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem

# during signing you should see the following output

Certificate is to be certified until Apr 5 03:09:42 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
writing new certificates
writing ./demoCA/newcerts/01.pem
Data Base Updated
This site is a collaborative effort! The complete text and sourcecode for this is available on GitHub. Corrections and enhancements are welcome, please make the change and submit a pull request in the comment area below.
Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 74 other followers

August 2009
S M T W T F S
« Jul   Sep »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Blog Stats

  • 801,304 hits

%d bloggers like this: