Create CA-signed SSL Certificate

Note: openssl is required. This tutorial is based on debian/ubuntu linux. However, any operating system with openssl installed should be same/similar.

Install openssl
- aptitude install openssl
Create CA
- mkdir myca; cd myca
- /usr/lib/ssl/misc/CA.sh -newca
  - Common Name: example.org.au
- vi /etc/ssl/openssl.cnf (optional)
  - default_days = 3650 # how long to certify for (change the default_days if you need)
Create Cert Signing Request:
- openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem
  - Common Name: server.example.org.au (FQDN of the server)
Sign the CSR:
- /usr/lib/ssl/misc/CA.sh -sign
Move the certificates
- cp demoCA/cacert.pem /etc/ssl/certs/cacert.pem
- mv newcert.pem /etc/ssl/certs/server-cert.pem
- mv newreq.pem /etc/ssl/certs/server-key.pem

ssl

page revision: 6, last edited: 27 Jun 2008 04:48

Click here to edit contents of this page.

Click here to toggle editing of individual sections of the page (if possible). Watch headings for an "edit" link when available.

Append content without editing the whole page source.

Check out how this page has evolved in the past.

If you want to discuss contents of this page - this is the easiest way to do it.

View and manage file attachments for this page.

A few useful tools to manage this Site.

See pages that link to and include this page.

Change the name (also URL address, possibly the category) of the page.

View wiki source for this page without editing.

View/set parent page (used for creating breadcrumbs and structured layout).

Notify administrators if there is objectionable content in this page.

Something does not work as expected? Find out what you can do.

General Wikidot.com documentation and help section.

Wikidot.com Terms of Service - what you can, what you should not etc.

Wikidot.com Privacy Policy.

cworld