SSL certificate generation with a self-signed CA

Steps completed on Ubuntu 10.04

Generate the CA (give its CN a "CA" suffix so it does not conflict with the server certificate's CN)

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Generate server key and request (CSR)

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Generate CRT from CSR

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Make server.key with no passphrase for Apache

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

Set permissions

chown root server.key
chmod 600 server.key
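
Check the result (an added example, not part of the original steps): the script below confirms that server.crt verifies against ca.crt, that server.key is passphrase-free and belongs to server.crt, and that its mode is 600. The function names and the throwaway files built by make_sample_set (2048-bit keys, "Example CA", "www.example.test") are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the files produced by the steps above.
# check_cert_set CA_CERT SERVER_CERT SERVER_KEY -> returns 0 only if every check passes
check_cert_set() {
    ca=$1; crt=$2; key=$3; rc=0

    # 1. The server certificate must verify against the CA certificate.
    if openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -q ': OK$'; then
        echo "ok   chain: $crt verifies against $ca"
    else
        echo "FAIL chain: $crt does not verify against $ca"; rc=1
    fi

    # 2. The key must load without a passphrase and match the certificate.
    #    "-passin pass:" supplies an empty passphrase, so an encrypted key
    #    fails here instead of blocking on a prompt.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "ok   key: $key is unencrypted and matches $crt"
    else
        echo "FAIL key: $key is encrypted, unreadable or does not match $crt"; rc=1
    fi

    # 3. The key file must be readable and writable by its owner only (mode 600).
    mode=$(ls -l "$key" | cut -c1-10)
    if [ "$mode" = "-rw-------" ]; then
        echo "ok   mode: $key is $mode"
    else
        echo "FAIL mode: $key is $mode, expected -rw-------"; rc=1
    fi
    return $rc
}

# Constructed sample input: throwaway CA and server files created in directory $1.
make_sample_set() {
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -new -x509 -days 1 -key ca.key -subj "/CN=Example CA" -out ca.crt &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -subj "/CN=www.example.test" -out server.csr &&
      openssl x509 -req -days 1 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt &&
      chmod 600 server.key ) >/dev/null 2>&1
}

# Run as: sh check.sh ca.crt server.crt server.key
if [ "$#" -eq 3 ]; then check_cert_set "$@"; fi
```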
