Create CA-signed SSL Certificate
- Note: openssl is required. This tutorial is based on debian/ubuntu linux. However, any operating system with openssl installed should be same/similar.
- Install openssl
- aptitude install openssl
- Create CA
- mkdir myca; cd myca
- /usr/lib/ssl/misc/CA.sh -newca
- Common Name: example.org.au
- vi /etc/ssl/openssl.cnf (optional)
- default_days = 3650 # how long to certify for (change the default_days if you need)
- Create Cert Signing Request:
- openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem
- Common Name: server.example.org.au (FQDN of the server)
- openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem
- Sign the CSR:
- /usr/lib/ssl/misc/CA.sh -sign
- Move the certificates
- cp demoCA/cacert.pem /etc/ssl/certs/cacert.pem
- mv newcert.pem /etc/ssl/certs/server-cert.pem
- mv newreq.pem /etc/ssl/certs/server-key.pem
page revision: 6, last edited: 27 Jun 2008 04:48