Monday, October 15, 2012

To Create SSL Certificates for Personal / Intranet Use

lock

I'm not a security guru, but I'm writing this as a personal note. Normally, I'll have to pay some company to have my SSL certificate digitally signed for commercial uses. That's because people and businesses won't acknowledge or recognize my SSL certificate in transactions unless it is signed by a reputable company. However, I can create SSL certificates myself for personal / intranet use.



On Debian and Ubuntu systems, after the ssl-cert package is installed, a SSL certificate is automatically created at /etc/ssl/certs/ssl-cert-snakeoil.pem, and the corresponding key is created at /etc/ssl/private/ssl-cert-snakeoil.key. You can just distribute ssl-cert-snakeoil.pem to other peer machines to set up SSL connections. To manually create your own SSL certificates, follow these steps. In this guide, we will use the arbitrary filenames: my-site.key, my-site.crt and my-site.pem.




  1. Generate a public/private key pair:

    openssl genrsa -out my-site.key 1024


  2. Generate a self signed certificate:

    openssl req -new -key my-site.key -x509 -days 3653 -out my-site.crt


  3. Generate the PEM file by just appending the key and certificate files:


    cat my-site.key my-site.crt > my-site.pem


  4. The private key should be kept secret, so change the file permission.


  5. chmod 600 my-site.key my-site.pem


    You can distribute the trust certificate server.crt to your SSL client hosts that will connect securely to the SSL-enabled server. The server may need *.crt files from clients for proper client authentication.





Read Also:



No comments:

Post a Comment

About This Blog

KBlog logo This blog is about current events and issues concerning general population. Thanks for visiting the blog and posting your comments.

© Contents by KBlog

© Blogger template by Emporium Digital 2008

Followers

Total Pageviews

icon
Powered By Blogger