Many IT bloggers have written down the steps for making self-signed certificates. I should jot down my own notes on how to generate my own CA cert and use that CA cert to sign my own server cert. The procedure, if I recall correctly, should be more or less as follows:
**** Generate my own CA cert/key and sign my own server cert ****
#openssl genrsa -des3 -out myca.key 4096
[Generate a key for the self-signed CA; you are required to set a passphrase to protect the key]
#openssl req -new -x509 -days 3650 -key myca.key -out myca.crt
[Use the key to create an X.509 certificate with the name myca.crt]
#openssl genrsa -des3 -out v6-mail.com.key 2048
[Generate a key for my server]
#openssl req -new -key v6-mail.com.key -out v6-mail.com.csr
[Generate a certificate signing request from the server key]
#openssl x509 -req -days 3650 -in v6-mail.com.csr -CA myca.crt -CAkey myca.key -set_serial 01 -out v6-mail.com.crt
[Sign the CSR with my CA cert and CA key, set the serial number to 01 and write the signed server certificate in crt format]
#openssl rsa -in v6-mail.com.key -out new.v6-mail.com.key
[Remove the passphrase, writing the server key to a new key file]
#openssl rsa -in myca.key -out new.my-ca.key
[Remove the passphrase, writing the CA key to a new key file]
#rm v6-mail.com.key
#mv new.v6-mail.com.key v6-mail.com.key
#rm myca.key
#mv new.my-ca.key myca.key
[Replace the passphrase-protected key files with the passphrase-free copies]
**** End of Process ****
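To check the result of the steps above, here is an added example (not part of the original notes): it repeats the commands without prompts and then tests that the server cert chains to the CA, that the server key belongs to the cert, and that the passphrase-free key file is readable by its owner only. The passphrase, the -subj values and the CA_BITS override are constructed for the example, and the CA key is left passphrase-protected because the checks do not need it.

```shell
#!/bin/sh
# Added example, not the author's script. The passphrase, the -subj values
# and the CA_BITS override are constructed; file names follow the post.
PASS='pass:constructed-demo-passphrase'

# Run the post's steps without prompts inside directory $1.
# The CA key keeps its passphrase; only the server key is stripped.
make_demo_pki() (
    cd "$1" || exit 1
    umask 077    # new key files are readable by the owner only
    openssl genrsa -des3 -passout "$PASS" -out myca.key "${CA_BITS:-4096}" 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key myca.key -passin "$PASS" \
        -subj "/CN=My Test CA" -out myca.crt &&
    openssl genrsa -des3 -passout "$PASS" -out v6-mail.com.key 2048 2>/dev/null &&
    openssl req -new -key v6-mail.com.key -passin "$PASS" \
        -subj "/CN=v6-mail.com" -out v6-mail.com.csr &&
    openssl x509 -req -days 3650 -in v6-mail.com.csr -CA myca.crt \
        -CAkey myca.key -passin "$PASS" -set_serial 01 \
        -out v6-mail.com.crt 2>/dev/null &&
    openssl rsa -in v6-mail.com.key -passin "$PASS" \
        -out new.v6-mail.com.key 2>/dev/null &&
    mv new.v6-mail.com.key v6-mail.com.key
)

# chain_ok CA_CERT CERT: 0 if CERT verifies against CA_CERT.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert CERT KEY: 0 if both carry the same RSA modulus.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    k=$(openssl rsa -noout -modulus -in "$2" -passin pass: 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_is_plaintext KEY: 0 if the PEM file exists and carries no passphrase.
key_is_plaintext() { [ -r "$1" ] && ! grep -q ENCRYPTED "$1"; }

# key_is_owner_only KEY: 0 if group and others have no access to the file.
key_is_owner_only() { [ "$(ls -l "$1" | cut -c5-10)" = "------" ]; }
```

Run `make_demo_pki` on an empty scratch directory, then point the check functions at the files it writes; the same checks work on certs and keys produced by hand with the commands above.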