Create Self Signed SSL certificate
user@localhost# openssl genrsa -des3 -out private.key 2048
user@localhost# openssl rsa -in private.key -out private.pem
(This is mandatory for some web servers; for example, lighttpd only accepts a .pem file. Apache can also accept a .pem file.)
user@localhost# openssl req -new -key private.key -out request.csr
Enter pass phrase for private.key:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
user@localhost# openssl x509 -req -days 365 -in request.csr -signkey private.key -out public.crt

Store this certificate in /etc/pki/tls/certs/public.crt
Store the key in /etc/pki/tls/private/private.key
cp /tmp/public.crt /etc/pki/tls/certs/public.crt
cp /tmp/private.key /etc/pki/tls/private/private.key
cp /tmp/private.pem /etc/pki/tls/private/private.pem
To get a certificate signed by a third party, submit the certificate request file to an SSL CA provider for signing. Instead of self-signing, the third-party CA does the signing and provides the SSL CA certificate.
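
Added example (not part of the original post): the four openssl commands above run non-interactively, followed by checks that the certificate matches the key, that it is self-signed, and which of the two key files is passphrase-protected. The function names, the use of -subj/-passin/-passout and the sample values are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Passphrase, CN and directory
# are supplied by the caller; values in the usage lines are constructed.

# Run the four openssl steps non-interactively inside directory $1.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_self_signed() (
    dir=$1 cn=$2 pass=$3
    umask 077    # every file created here is readable by the owner only
    openssl genrsa -des3 -passout "pass:$pass" -out "$dir/private.key" 2048 2>/dev/null &&
    openssl rsa -in "$dir/private.key" -passin "pass:$pass" \
        -out "$dir/private.pem" 2>/dev/null &&
    openssl req -new -key "$dir/private.key" -passin "pass:$pass" \
        -subj "/CN=$cn" -out "$dir/request.csr" &&
    openssl x509 -req -days 365 -in "$dir/request.csr" \
        -signkey "$dir/private.key" -passin "pass:$pass" \
        -out "$dir/public.crt" 2>/dev/null
)

# True when certificate $1 carries the public half of private key $2
# ($3 is the key passphrase, empty for an unencrypted key).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin "pass:$3" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True when issuer and subject are identical, as in a self-signed certificate.
is_self_signed() {
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ -n "$iss" ] && [ "$iss" = "$sub" ]
}

# True when the key file is passphrase-protected (PEM header says ENCRYPTED).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Usage (constructed values):
#   make_self_signed /tmp svn.example.test 'sample-passphrase'
#   cert_matches_key /tmp/public.crt /tmp/private.pem '' && echo "pair OK"
#   key_is_encrypted /tmp/private.pem || echo "private.pem has no passphrase"
```

Because private.pem is written without a passphrase, its file permissions are the only protection for that copy of the key.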