web analytics

Generating self-signed SSL certificate using OpenSSL

PostDateIcon August 13th, 2010 | PostAuthorIcon Author: Eyal Estrin

OpenSSL allows you to request, sign, generate, export and convert digital certificates.
OpenSSL comes by-default in Unix platform as an RPM or package file (RedHat, Solaris, etc).
The guide bellow explains how to generate a key store for digital certificates, generate private and self-signed SSL certificate for web servers, and export/convert the key store to PFX file (for importing to Windows platform).
The guide bellow was tested on common Linux platform web servers (Apache, Lighttpd, Nginx, Resin) however the same syntax should work the same on Windows platform.

Download link for Windows binaries:
http://www.slproweb.com/products/Win32OpenSSL.html
Download link for Linux source files (pre-compiled):
http://www.openssl.org/source/

  1. Install OpenSSL.
  2. Run the command bellow to generate a new key store called “server.key
    openssl genrsa -des3 -out /tmp/server.key 1024
  3. Run the commands bellow to request a new SSL certificate:
    openssl req -new -x509 -nodes -sha1 -days 1095 -key /tmp/server.key > /tmp/server.crt

    openssl x509 -noout -fingerprint -text < /tmp/server.crt > /tmp/server.info

  4. Run the command bellow to backup the key store file that has a password:
    cp /tmp/server.key /tmp/server.key.bak
  5. Run the command bellow to generate a new key store without a password:
    openssl rsa -in /tmp/server.key -out /tmp/no.pwd.server.key
  6. Run the command bellow only if you need to generate a PEM file that contains a chain of both the key store and the public key in one file:
    cat /tmp/no.pwd.server.key /tmp/server.crt > /tmp/no.pwd.server.pem
  7. Run the command bellow only if you need to export a key store (without a password) to a PFX file (for importing to Windows platform)
    openssl pkcs12 -export -in /tmp/server.crt -inkey /tmp/no.pwd.server.key -certfile /tmp/no.pwd.server.pem -out /tmp/server.pfx

Appendix:

  • server.key – Key store file
  • server.crt – Server SSL public key file
  • no.pwd.server.key – Key store file (without a password)
  • no.pwd.server.pem – Key store file + server SSL public key file (without a password)
  • server.pfx – Private key + public key, exportable for Windows platform (i.e IIS server)
PostCategoryIcon Posted in Apache, IIS 7.5, Lighttpd, Nginx, RedHat, Resin, Solaris, SSL

8 Responses to “Generating self-signed SSL certificate using OpenSSL”

Leave a Reply for security-24-7.com

Click here to cancel reply.

Categories
Links:

Powered by Wordpress.org, WP Theme Design Powered by playstation wordpress templates and free provided by nixcheckcashing.com.