howtos:create_a_self-signed_certificate_from_a_certificate_signing_request
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | howtos:create_a_self-signed_certificate_from_a_certificate_signing_request [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Once you have created a Certificate Signing Request (CSR), you can create a self-signed certificate from it. A self-signed certificate does not give the security guarantees provided by a certificate signed by a commercial CA. But it will allow you to provide a secure https connection to your web site. Clients will see a warning message stating that your site's identity cannot be verified and thus is not a " | ||
+ | |||
+ | Assuming you had generated your CSR and private key using the method shown above, you can create a self-signed certificate with the following openssl command: | ||
+ | |||
+ | < | ||
+ | openssl req -x509 -days 365 -in hostcsr.pem -key hostkey.pem -out hostcert.pem | ||
+ | </ | ||
+ | |||
+ | Here's and explanation of the command line options: | ||
+ | |||
+ | * -x509 - output a self-signed certificate rather than a CSR. | ||
+ | * -days 365 - make the self-signed certificate valid for one year. | ||
+ | * -in hostcsr.pem - read in the CSR from the file hostcsr.pem. | ||
+ | * -key hostkey.pem - read in the private key from the file hostkey.pem. | ||
+ | * -out hostcert.pem - write out the self-signed certificate to the file hostcert.pem. | ||
+ | |||
+ | |||
+ | View The Contents Of A Certificate Signing Request | ||
+ | Once you have created a Certificate Signing Request (CSR), you can look at the contents of the file using a text editor. But you will only see a block of PEM-encoded text such as this: | ||
+ | < | ||
+ | -----BEGIN CERTIFICATE REQUEST----- | ||
+ | MIIBhzCB8QIBADBIMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzAN | ||
+ | BgNVBAcTBlVyYmFuYTEVMBMGA1UEAxMMVGVycnkgRmxldXJ5MIGfMA0GCSqGSIb3 | ||
+ | DQEBAQUAA4GNADCBiQKBgQCo/ | ||
+ | 2bVHYuJTSz5Umq9DtsaBUMHVgwSCeCjfJAtaONERnJKg7yiyy3kdHgxYeqhoqDoJ | ||
+ | kqZjoN+bOIZGlGs55ke5AqFYdeIaTAcgcxZMmeYZTdZ4n0cCvLHfcyTuKcGmtWsX | ||
+ | +wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAVUelcfGlgus/ | ||
+ | 8ofE4sELbM8sg9xiXyw6yQ3e2T3HsYrJnOUUJkgOnL7zwDr29IQ1dG+ScjXKfxgB | ||
+ | vr2jnwdNbX20YgLyt8ht6NiUE7tQ33zDcSGoi+V2OxSWpbRHnOl6lGdRdh3A1LQj | ||
+ | wpM7Z5VjngNVfWM= | ||
+ | -----END CERTIFICATE REQUEST----- | ||
+ | </ | ||
+ | If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output: | ||
+ | |||
+ | openssl req -text -noout -in hostcsr.pem | ||
+ | |||
+ | Certificate Request: | ||
+ | Data: | ||
+ | Version: 0 (0x0) | ||
+ | Subject: C=US, ST=Illinois, | ||
+ | Subject Public Key Info: | ||
+ | Public Key Algorithm: rsaEncryption | ||
+ | RSA Public Key: (1024 bit) | ||
+ | Modulus (1024 bit): | ||
+ | 00: | ||
+ | 97: | ||
+ | fd: | ||
+ | c6: | ||
+ | d1: | ||
+ | a8: | ||
+ | 6b: | ||
+ | 16: | ||
+ | 24: | ||
+ | Exponent: 65537 (0x10001) | ||
+ | Attributes: | ||
+ | a0:00 | ||
+ | Signature Algorithm: sha1WithRSAEncryption | ||
+ | 55: | ||
+ | 5f: | ||
+ | c9: | ||
+ | c0: | ||
+ | 9f: | ||
+ | df: | ||
+ | 94: | ||
+ | 7d:63 | ||
+ | | ||
+ | |||
+ | Here's an explanation of the command line options: | ||
+ | |||
+ | * -text - view the contents of the CSR as plain text. | ||
+ | * -noout - do not output the PEM-encoded version of the CSR. | ||
+ | * -in hostcsr.pem - read in the CSR from the file hostcsr.pem. | ||
+ | |||
+ | |||
howtos/create_a_self-signed_certificate_from_a_certificate_signing_request.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1