You want to generate a self-signed certificate, for use with a web server.
This will allow you to communicate with your web server over HTTPS, effectively encrypting your traffic.
The very first time – you need to set up your own CA (certifying authority). Do this one time only!
Then create a certificate request – which can be sent off to Verisign, etc or self-signed.
To create a certificate request:
openssl req -new -days 730 -keyout keyna.pem -out keyna.pem
Self-sign the request – only do this if you are not sending off to a CA such as Verisign.
openssl ca -policy policy_anything -days 730 -out certna.pem -infiles keyna.pem
If you get ‘unable to write random state’, try this: look for command ssh-rand-helper usually under ssh install directories (or if ~/.ssh/.prng_seed exists – you can just link to it or copy it to $HOME).
ssh-rand-helper -b 1024 > $HOME/.prng_seed
To strip the password out, for restarts:
openssl rsa -in keyna.key -out keyna.key.unsecure
[tags]openssl, encryption, tripleDES, passwords, Unix Coding School[/tags]
- OpenSSL Linux Man Page
- Mark Foster’s cool openssl tips
- Paul Heinlein’s excellent and comprehensive openssl tips
[/reference]If you have found my website useful, please consider buying me a coffee below 😉