How to create a self-signed certificate using OpenSSl?

Posted by Jason Web Hosting Sunday 16 November 2008 8:40 pm

The openssl toolkit is used to generate an RSA Key and CSR (Certificate Signing Request). The CSR and the KEY can then be used to generate a self-signed certificates which can be used for a website OR any of your service on the server. Follow the below steps to generate a self-signed certificate:

Step 1: Creating a RSA private key
root@localhost [~]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
………………….++++++
……………++++++
e is 65537 (0×10001)

You have now created a RSA key with 1024 bit encryption which is stored under server.key file.

Step 2: Creating a CSR (Certificate Signing Request)
root@localhost [~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:My Company Ltd
Organizational Unit Name (eg, section) []:section
Common Name (eg, your name or your server’s hostname) []:localhost
Email Address []:email@section

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Using the server.key (RSA key created in the first step) we are now generating a CSR (Certificate Signing Request) which is used for generating a SSL certificate. The CSR is stored in server.csr file. You need to provide all your information like Country, City State etc while generating the CSR.

Step 3: Creating a Certificate
root@localhost [~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=section/CN=localhost/emailAddress=email@section
Getting Private key

You have now generated a x509 Self Signed Certificate for a period of 365 days using the above generated RSA and CSR key. The certificate is now stored in server.crt file. Make sure you use server.crt (certificate) and server.key (private key) while installing it on any service of website.

Leave a Reply

You must be logged in to post a comment.

Categories

Archives

Web Hosting Blogroll