Home » Blogs » sandip's blog

Generating Apache SSL Self-Signed Certificate

Thu, 07/26/2007 - 21:59 — sandip

# openssl req -x509 -newkey rsa:1024 -keyout /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt -days 9999 -nodes
# chown root:root /etc/httpd/conf/ssl.key/server.key
# chmod 400 /etc/httpd/conf/ssl.key/server.key

Bookmark/Search this post with
  • del.icio.us
  • Digg
  • Facebook
  • identi.ca
  • LinkedIn
  • SlashDot
  • StumbleUpon
  • Technorati
  • Twitter

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Thu, 09/15/2011 - 22:50 — sandip Generating CSR from existing key

openssl req -new -key server.key -out server.csr

Thu, 05/05/2011 - 21:42 — sandip Generating 2048 bit CSR

openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr

Wed, 01/06/2010 - 12:32 — sandip debug ssl cert with openssl

Commands used:

openssl s_client -connect host.domain.tld:443
openssl s_client -showcerts -connect host.domain.tld:443
openssl s_client -state -nbio -connect host.domain.tld:443 2>&1

Reference:
http://www.cyberciti.biz/tips/debugging-ssl-communications-from-unix-shell-prompt.html
http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/

Thu, 12/05/2013 - 20:41 — Anonymous very certificate and chain installed fine online

digicert.com

Thu, 11/19/2009 - 17:41 — sandip Remove passphrase from ssl key

openssl rsa -in passphrase.key -out nopass.key

Fri, 05/23/2008 - 15:03 — sandip CSR info

openssl req -text -noout -in /path/to/server.csr

Thu, 04/10/2008 - 09:28 — sandip SSL certificate information
  1. Full text information:
    # openssl x509 -text -in server.crt
  2. Issuer of the certificate:
    # openssl x509 -noout -in server.crt -issuer
  3. Issued to:
    # openssl x509 -noout -in server.crt -subject
  4. Valid dates:
    # openssl x509 -noout -in server.crt -dates
  5. All of the above:
    # openssl x509 -noout -in server.crt -issuer -subject -dates
  6. Hash value:
    # openssl x509 -noout -in server.crt -hash
  7. MD5 fingerprint:
    # openssl x509 -noout -in server.crt -fingerprint
Tue, 01/29/2008 - 00:29 — wizap Renewing self signed SSL certificate

After generating a renewed self-signed ssl cert, I got the below message:

You have received an invalid certificate...
Your certificate contains the same serial number as another
certificate issued by the certificate authority. 
Please get a new certificate containing a unique serial number.

With some digging, found that a new serial number can be set as below.

# openssl req -x509 -new -key /etc/httpd/conf/ssl.key/server.key  \
-out /etc/httpd/conf/ssl.crt/server.crt -days 9999 -nodes -set_serial 99999

man x509 for more info.

Comment