Creating Certificate Authorities and self-signed SSL certificates

Поста е взаймстван от Creating Certificate Authorities and self-signed SSL certificates с идеята да имам в блога си how-to че ми се налага от време на време да ъпдейтвам сертификатите по уеб сървърите.

1. Create a self-signed certificate.

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Make a version of the server.key which doesn’t need a password:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

2. Generate your own CA (Certificate Authority).

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key