self signed certs

steps to generate csr

  • 1 Prerequisites
  • 2 Generate the RSA key
  • 3 Create a CSR
  • 4 Verify your CSR
  • 5 Submit your CSR

[root@machine1 ~]#yum install openssl openssl-devel -y
[root@machine1 ~]# mkdir example.com.ssl

[root@machine1 ~]# cd example.com.ssl/
[root@machine1 example.com.ssl]# openssl genrsa -out ./example.com.key 2048 Generating RSA private key, 2048 bit long modulus …..+++ …………………+++ e is 65537 (0x10001)
[root@machine1 example.com.ssl]# openssl req -new -sha256 -key ./example.com.key -out ./example.com.csr

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank. —– Country Name (2 letter code) [XX]:IN State or Province Name (full name) []:AP Locality Name (eg, city) [Default City]:HYD Organization Name (eg, company) [Default Company Ltd]:MYCOMPANY Organizational Unit Name (eg, section) []:IT Common Name (eg, your name or your server’s hostname) []: Email Address []:mohammedrafi494@gmail.com Please enter the following ‘extra’ attributes to be sent with your certificate request A challenge password []: An optional company name []:

[root@machine1 example.com.ssl]#
#########################################################################

Verify your CSR

[root@machine1 example.com.ssl]# openssl req -noout -text -in ./example.com.csr Certificate Request: Data: Version: 0 (0x0) Subject: C=IN, ST=AP, L=HYD, O=MYCOMPANY, OU=IT/emailAddress=mohammedrafi494@gmail.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:cd:fb:e6:81:74:e5:fc:26:ea:b0:88:92:c1:f3: 44:c1:84:33:c4:21:af:98:2f:ba:92:97:82:b1:fb: 87:d2:6e:b1:7b:fc:f0:84:f1:91:c6:3b:b7:42:b0: e7:b0:50:a9:fe:33:58:ca:26:2a:79:19:54:46:42: 23:4a:83:98:22:18:6d:58:86:7e:0d:5c:24:59:ef: d4:1a:e8:ab:4b:c3:d9:23:3d:5d:be:ba:a4:51:79: d2:8e:b4:80:e0:e6:01:44:29:b6:e5:d7:cb:27:10: 83:74:ce:91:bd:e2:7f:29:c4:0d:03:4f:76:6e:f7: 01:65:1f:97:71:e7:55:59:74:57:5e:67:eb:87:04: 39:00:00:a0:1c:5e:d1:ce:a6:d9:40:c3:2c:64:32: 8d:94:50:19:25:5f:7d:d9:80:ca:c7:1b:4e:5d:f8: fd:b9:34:e1:02:dc:74:20:39:91:60:78:25:a0:3d: 82:b0:55:31:08:dc:63:84:68:e8:ce:d0:46:1d:61: c4:e6:67:df:28:fa:67:dc:29:7d:a7:5d:3e:e2:d7: 47:c2:7c:bb:25:94:9a:7b:61:99:ae:ac:14:0a:a2: 87:21:27:39:a0:74:7a:24:b4:d3:24:2b:e9:05:f3: f6:b6:a7:d8:d4:c8:89:f9:a8:41:c9:a0:3d:1f:f5: 80:45 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption 12:86:f2:a3:31:00:51:31:b4:5e:6c:e9:f3:e9:5c:d4:b9:14: 3e:4a:52:3d:0d:e8:b9:8f:50:66:e1:8c:20:94:e1:ec:f1:15: cc:4a:02:93:4c:8b:c1:26:43:99:6b:c2:a1:00:cd:f3:b1:67: d8:38:40:64:a5:ab:fc:58:da:6f:c2:c4:df:bf:2f:54:83:78: a1:b7:4a:b1:6a:60:85:bf:14:f6:3d:75:ca:41:89:46:03:21: b2:57:b5:ba:3c:4e:3c:16:9f:f9:6e:e7:c4:5c:0b:53:d9:59: 1d:fe:1f:be:40:52:1f:20:f2:e8:1d:44:5f:cf:0a:4d:7a:74: de:4e:2a:f3:37:e2:4d:01:4d:25:2f:79:c8:1a:95:57:90:bc: b8:e3:55:a0:c8:19:89:cc:5a:b1:55:2d:a8:33:26:6d:cb:c7: c2:5f:c8:4c:44:36:06:61:50:da:f4:5c:dd:20:53:b6:9b:e1: dc:ee:71:5d:5b:91:5f:18:79:9c:15:69:4a:53:6c:45:dd:33: 1e:5f:00:ee:c8:2c:9b:a3:bc:47:f2:62:30:e2:88:22:1d:f4: be:24:4f:38:70:99:21:38:fb:7c:7e:ba:e1:5b:27:56:2b:85: fa:42:b2:a3:85:d9:11:f4:90:0f:9c:3f:8d:0b:7c:ee:fd:d2: cd:14:1f:24

##############################################################################

single command

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

#########################################################################

Self signing certificates

[root@machine1 ~]# openssl x509 -in example.com.csr -out example.com.crt -req -signkey example.com.key -days 365

Signature ok

subject=/C=IN/ST=AP/L=HYD/O=MYCOMPANY/OU=IT/emailAddress=mohammedrafi494@gmail.com

Getting Private key

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s