Create CA-signed SSL Certificate
  • Note: openssl is required. This tutorial is based on debian/ubuntu linux. However, any operating system with openssl installed should be same/similar.
  1. Install openssl
    • aptitude install openssl
  2. Create CA
    • mkdir myca; cd myca
    • /usr/lib/ssl/misc/ -newca
      • Common Name:
    • vi /etc/ssl/openssl.cnf (optional)
      • default_days = 3650 # how long to certify for (change the default_days if you need)
  3. Create Cert Signing Request:
    • openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem
      • Common Name: (FQDN of the server)
  4. Sign the CSR:
    • /usr/lib/ssl/misc/ -sign
  5. Move the certificates
    • cp demoCA/cacert.pem /etc/ssl/certs/cacert.pem
    • mv newcert.pem /etc/ssl/certs/server-cert.pem
    • mv newreq.pem /etc/ssl/certs/server-key.pem
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License