[problem]
You want to generate a self-signed certificate, for use with a web server.
This will allow you to communicate with your web server over HTTPS, effectively encrypting your traffic.
[/problem]
[solution]
The very first time, you need to set up your own CA (certificate authority). Do this one time only!
Then create a certificate request, which can either be sent off to a CA such as Verisign or be self-signed.
[/solution]
[example]
To create a certificate request:
openssl req -new -days 730 -keyout keyna.pem -out keyna.pem
Self-sign the request (only do this if you are not sending it off to a CA such as Verisign):
openssl ca -policy policy_anything -days 730 -out certna.pem -infiles keyna.pem
If you get ‘unable to write random state’, look for the ssh-rand-helper command, usually found under the SSH install directories, and run it as below. (If ~/.ssh/.prng_seed already exists, you can just link to it or copy it to $HOME instead.)
ssh-rand-helper -b 1024 > $HOME/.prng_seed
To strip the passphrase out of the key, so that the web server can restart without prompting for it:
openssl rsa -in keyna.key -out keyna.key.unsecure
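As an added example (not part of the original page), the functions below check the result of the steps above: that the certificate verifies against your CA, that it matches the private key, and that the passphrase-free key is locked down. The CA certificate name cacert.pem, the function names and the sample subject names are assumptions; make_sample builds constructed throwaway files and signs with openssl x509 -req instead of openssl ca so that no CA directory layout is needed.

```shell
#!/bin/sh
# Added example: post-checks for the files produced by the steps above.
# File names follow the page; the CA certificate path is an assumption.

# Succeeds if certificate $2 verifies against CA certificate $1.
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds if certificate $1 and private key $2 hold the same public key.
# "-passin pass:" makes an encrypted key fail here instead of prompting.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if key file $1 is still passphrase-protected (PEM header says so).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds if key file $1 grants no access to group or others.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Builds constructed sample files in directory $1 so the checks can be tried
# offline. The passphrase is a throwaway sample value.
make_sample() {
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Sample Test CA" -keyout cakey.pem -out cacert.pem &&
        openssl req -new -newkey rsa:2048 -passout pass:sample-only \
            -subj "/CN=www.example.test" -keyout keyna.key -out req.pem &&
        openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
            -CAcreateserial -days 1 -out certna.pem &&
        openssl rsa -in keyna.key -passin pass:sample-only \
            -out keyna.key.unsecure &&
        chmod 600 keyna.key.unsecure
    ) >/dev/null 2>&1
}
```

Run the checks against your real files, for example check_chain cacert.pem certna.pem and key_is_private keyna.key.unsecure, before pointing the web server at them.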
[/example]