This is take straight from http://devsec.org/info/ssl-cert.html. I’m getting it on my blog, as a reference to myself, so I can make a key pair quickly in the future.
Openssl – the command for executing OpenSSL; pkcs12 – the file utility for PKCS#12 files in OpenSSL-export -out certificate.pfx – export and save the PFX file as certificate.pfx-inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate. The generated private key has no password: how can I add one during the generation process? Note: take into account that my final goal is to generate a p12 file by combining the certificate provided according to the CSR and the private key (secured with a password).
Make a new ssl private key:
* Generate a new unencrypted rsa private key in PEM format:
openssl genrsa -out privkey.pem 2048
Openssl Key Password
You can create an encrypted key by adding the -des3 option.
#
To make a self-signed certificate:
* Create a certificate signing request (CSR) using your rsa private key:
openssl req -new -key privkey.pem -out certreq.csr
( This is also the type of CSR you would create to send to a root CA for them to sign for you. )
* Self-sign your CSR with your own private key:
Free Key Generation Software
openssl x509 -req -in certreq.csr -signkey privkey.pem -out newcert.pem
댓글