| OpenSSL | How to use openssl things. |
Creating a SSL certificate using openssl.
openssl req -newkey rsa:1024 -x509 -days 365 -keyout key.pem -out cert.pemThis is what I did.
root@chrystal:/etc/ssl/certs# openssl req -newkey rsa:1024 -x509 -keyout mail.opal.dhs.org-key.pem -out mail.opal.dhs.org-crt.pem Using configuration from /usr/lib/ssl/openssl.cnf Generating a 1024 bit RSA private key ..++++++ ........++++++ writing new private key to 'mail.opal.dhs.org-key.pem' Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:SE State or Province Name (full name) [Some-State]:Östergötland Locality Name (eg, city) []:Linköping Organization Name (eg, company) [Internet Widgits Pty Ltd]:OpaL Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Ola Lundqvist Email Address []:ola@opal.dhs.org root@chrystal:/etc/ssl/certs#To remove the passphrase from the key so that I do not need to enter it everytime I start the server.
openssl rsa -in key.pem -out key.pemThis is what I did.
root@chrystal:/etc/ssl/certs# openssl rsa -in mail.opal.dhs.org-key.pem -out mail.opal.dhs.org-keynp.pem read RSA key Enter PEM pass phrase: writing RSA key root@chrystal:/etc/ssl/certs#Now you have to protect the files.
chown user.group *.pem chmod 600 *.pem
openssl verify -CAfile cacert.pem cert.pem
Copyright © 2008 Ola Lundqvist |