howtos:create_a_self-signed_certificate_from_a_certificate_signing_request

Differences

This shows you the differences between two versions of the page.

howtos:create_a_self-signed_certificate_from_a_certificate_signing_request [d/m/Y H:i] (current)
Line 1: Line 1:
 +Once you have created a Certificate Signing Request (CSR), you can create a self-signed certificate from it. A self-signed certificate does not give the security guarantees provided by a certificate signed by a commercial CA. But it will allow you to provide a secure https connection to your web site. Clients will see a warning message stating that your site's identity cannot be verified and thus is not a "​trusted site". Clients have the option of accepting the certificate for the session and all subsequent https connections with the site will be secure.
 +
 +Assuming you had generated your CSR and private key using the method shown above, you can create a self-signed certificate with the following openssl command:
 +
 +<​code>​
 +openssl req -x509 -days 365 -in hostcsr.pem -key hostkey.pem -out hostcert.pem
 +</​code>​
 +
 +Here's and explanation of the command line options:
 +
 +    * -x509 - output a self-signed certificate rather than a CSR.
 +    * -days 365 - make the self-signed certificate valid for one year.
 +    * -in hostcsr.pem - read in the CSR from the file hostcsr.pem.
 +    * -key hostkey.pem - read in the private key from the file hostkey.pem.
 +    * -out hostcert.pem - write out the self-signed certificate to the file hostcert.pem.
 +
 +
 +View The Contents Of A Certificate Signing Request
 +Once you have created a Certificate Signing Request (CSR), you can look at the contents of the file using a text editor. But you will only see a block of PEM-encoded text such as this:
 +<​file>​
 +    -----BEGIN CERTIFICATE REQUEST-----
 +    MIIBhzCB8QIBADBIMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzAN
 +    BgNVBAcTBlVyYmFuYTEVMBMGA1UEAxMMVGVycnkgRmxldXJ5MIGfMA0GCSqGSIb3
 +    DQEBAQUAA4GNADCBiQKBgQCo/​Dod/​sGiCSvi+OV295f3eLMMzPKnNjQKabVpGP3x
 +    2bVHYuJTSz5Umq9DtsaBUMHVgwSCeCjfJAtaONERnJKg7yiyy3kdHgxYeqhoqDoJ
 +    kqZjoN+bOIZGlGs55ke5AqFYdeIaTAcgcxZMmeYZTdZ4n0cCvLHfcyTuKcGmtWsX
 +    +wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAVUelcfGlgus/​OaTZgoePEmcvX4Lp
 +    8ofE4sELbM8sg9xiXyw6yQ3e2T3HsYrJnOUUJkgOnL7zwDr29IQ1dG+ScjXKfxgB
 +    vr2jnwdNbX20YgLyt8ht6NiUE7tQ33zDcSGoi+V2OxSWpbRHnOl6lGdRdh3A1LQj
 +    wpM7Z5VjngNVfWM=
 +    -----END CERTIFICATE REQUEST-----
 +</​file>​
 +If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output:
 +
 +    openssl req -text -noout -in hostcsr.pem
 +
 +    Certificate Request:
 +        Data:
 +            Version: 0 (0x0)
 +            Subject: C=US, ST=Illinois,​ L=Urbana, CN=Terry Fleury
 +            Subject Public Key Info:
 +                Public Key Algorithm: rsaEncryption
 +                RSA Public Key: (1024 bit)
 +                    Modulus (1024 bit):
 +                        00:​a8:​fc:​3a:​1d:​fe:​c1:​a2:​09:​2b:​e2:​f8:​e5:​76:​f7:​
 +                        97:​f7:​78:​b3:​0c:​cc:​f2:​a7:​36:​34:​0a:​69:​b5:​69:​18:​
 +                        fd:​f1:​d9:​b5:​47:​62:​e2:​53:​4b:​3e:​54:​9a:​af:​43:​b6:​
 +                        c6:​81:​50:​c1:​d5:​83:​04:​82:​78:​28:​df:​24:​0b:​5a:​38:​
 +                        d1:​11:​9c:​92:​a0:​ef:​28:​b2:​cb:​79:​1d:​1e:​0c:​58:​7a:​
 +                        a8:​68:​a8:​3a:​09:​92:​a6:​63:​a0:​df:​9b:​38:​86:​46:​94:​
 +                        6b:​39:​e6:​47:​b9:​02:​a1:​58:​75:​e2:​1a:​4c:​07:​20:​73:​
 +                        16:​4c:​99:​e6:​19:​4d:​d6:​78:​9f:​47:​02:​bc:​b1:​df:​73:​
 +                        24:​ee:​29:​c1:​a6:​b5:​6b:​17:​fb
 +                    Exponent: 65537 (0x10001)
 +            Attributes:
 +                a0:00
 +        Signature Algorithm: sha1WithRSAEncryption
 +            55:​47:​a5:​71:​f1:​a5:​82:​eb:​3f:​39:​a4:​d9:​82:​87:​8f:​12:​67:​2f:​
 +            5f:​82:​e9:​f2:​87:​c4:​e2:​c1:​0b:​6c:​cf:​2c:​83:​dc:​62:​5f:​2c:​3a:​
 +            c9:​0d:​de:​d9:​3d:​c7:​b1:​8a:​c9:​9c:​e5:​14:​26:​48:​0e:​9c:​be:​f3:​
 +            c0:​3a:​f6:​f4:​84:​35:​74:​6f:​92:​72:​35:​ca:​7f:​18:​01:​be:​bd:​a3:​
 +            9f:​07:​4d:​6d:​7d:​b4:​62:​02:​f2:​b7:​c8:​6d:​e8:​d8:​94:​13:​bb:​50:​
 +            df:​7c:​c3:​71:​21:​a8:​8b:​e5:​76:​3b:​14:​96:​a5:​b4:​47:​9c:​e9:​7a:​
 +            94:​67:​51:​76:​1d:​c0:​d4:​b4:​23:​c2:​93:​3b:​67:​95:​63:​9e:​03:​55:​
 +            7d:63
 +    ​
 +
 +Here's an explanation of the command line options:
 +
 +    * -text - view the contents of the CSR as plain text.
 +    * -noout - do not output the PEM-encoded version of the CSR.
 +    * -in hostcsr.pem - read in the CSR from the file hostcsr.pem.
 +
 +
  
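Review bot: The opening paragraph's claim that, once the client accepts the warning, "all subsequent https connections with the site will be secure" overstates what a self-signed certificate provides. At the moment of acceptance the client cannot distinguish this certificate from one substituted by an interceptor, so the text should tell readers to compare the certificate's fingerprint over a separate channel before accepting it (for example the output of `openssl x509 -noout -fingerprint -sha256 -in hostcert.pem`). The sample output under "View The Contents Of A Certificate Signing Request" shows `RSA Public Key: (1024 bit)` and `Signature Algorithm: sha1WithRSAEncryption`, which readers will copy as a model. Regenerate the sample from a key of at least 2048 bits and add `-sha256` to the `openssl req -x509` command. Smaller points: "Here's and explanation" and "Here's is a typical" are typos, "the method shown above" refers to a CSR section that is not on this page, and the "View The Contents Of A Certificate Signing Request" line has no heading markup.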
howtos/create_a_self-signed_certificate_from_a_certificate_signing_request.txt · Last modified: d/m/Y H:i (external edit)