Openssl: Difference between revisions
From DWIKI
| Line 16: | Line 16: | ||
First in chain is the root certificate AddTrustExternalCARoot.crt. | First in chain is the root certificate AddTrustExternalCARoot.crt. | ||
The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt. | The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt. | ||
===Generate a signing request=== | |||
openssl req -nodes -newkey rsa:2048 -keyout my.domain.key -out my.domain.csr | |||
The resulting csr is the signing request, my.domain.key is the private key you save not readable for anyone but root! | |||
==Tips&Tricks== | ==Tips&Tricks== | ||
Revision as of 16:50, 2 July 2009
Links
Documentation and HOWTOs
- OpenSSL Certificate Authority Setup
- ssl cert HOWTO
- OpenSSL Command-Line HOWTO
- 1. Way: SubjectAltName Only
Courier-imap and ssl
- http://linsec.ca/Using_Courier-IMAP_and_SSL
- http://linux.seindal.dk/2005/12/04/making-a-courier-imap-ssl-sertificate/
Network Solutions certificates
First in chain is the root certificate AddTrustExternalCARoot.crt. The next ones are the intermediates: NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt.
Generate a signing request
openssl req -nodes -newkey rsa:2048 -keyout my.domain.key -out my.domain.csr
The resulting csr is the signing request, my.domain.key is the private key you save not readable for anyone but root!
Tips&Tricks
Examining certificates
openssl verify cert.pem
openssl x509 -in cacert.pem -noout -text
Creating your own CA and signing with it
(based on http://www.eclectica.ca/howto/ssl-cert-howto.php#rootc)
cd /etc/ssl mkdir newcerts (perform secret rituals)
