Personal tools
Help keep us online!
$ 

We accept Bitcoins :-)

Generate a self signed certificate

From OrganicDesign Wiki

Jump to: navigation, search
General
Procedure.svg Generate a self signed certificate
Procedure
Assigned to (role): Not entered
Department: Not entered
Person Responsible: No one
Contributors: None
Version: Not entered
Priority: None specified
Status: Unknown
Required by: Not entered
Signed off with date: Not signed off yet

Requirements

Contents

Knowledge Requirements

Not entered

Resources Required

Not entered

Hazard Management Plan

Not entered

Quality Assurance Plan

Not entered

Procedure Process Steps

Not entered

Contingency

Not entered

Our convention is to keep all the certificates in /var/www/ssl along with the the SSL virtual host definition for the domain (see install a new server for details on Apache configuration). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (cn) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com etc. 

openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.pem -out foo.com.pem


Ensure that the resulting file is accessible by the web-server: 

chown www-data foo.com.pem


Check the cert with this command: 

openssl s_server -cert /var/www/ssl/foo.com.pem


The following output indicates the cert is working correctly 

Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
Retrieved from "http://www.organicdesign.co.nz/Generate_a_self_signed_certificate"

The GNU Project Debian Linux Ubuntu Linux


Content under the www.organicdesign.co.nz domain is available under the Creative Commons Attribution-ShareAlike License