genkey segfaults when creating new cert

Matthew J. Roth mroth at imminc.com
Tue Nov 13 15:57:28 UTC 2012


Alex wrote:

> What are the steps to create a self-signed certificate for apache?


These are my notes for CentOS 5, but they should still apply.  The
view/verify steps are not strictly necessary, but they are useful for
checking your work as you go along.

  Create a Self-Signed SSL Certificate
  ------------------------------------

  * Create an RSA Private Key
    # openssl genrsa -des3 -rand /dev/urandom -out www.example.com.key 2048
    Enter pass phrase for www.example.com.key:
    Verifying - Enter pass phrase for www.example.com.key:

    * Create a Decrypted PEM Version of the RSA Private Key
      # openssl rsa -in www.example.com.key -out www.example.com.key.unsecure
      Enter pass phrase for www.example.com.key:

    * View the Details of the RSA Private Key
      # openssl rsa -noout -text -in www.example.com.key
      # cat www.example.com.key.unsecure

  * Create a PEM Formatted Certificate Signing Request (CSR)
    # openssl req -new -key www.example.com.key -out www.example.com.csr
    Enter pass phrase for www.example.com.key:
    -----
    Country Name (2 letter code) [GB]:GB
    State or Province Name (full name) [Berkshire]:Berkshire
    Locality Name (eg, city) [Newbury]:Newbury
    Organization Name (eg, company) [My Company Ltd]:My Company Ltd
    Organizational Unit Name (eg, section) []:Secure Server
    Common Name (eg, your name or your server's hostname) []:www.example.com
    Email Address []:.
  
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

    * View the Details of the CSR
      # openssl req -noout -text -in www.example.com.csr
      # cat www.example.com.csr

  * Self-Sign the Certificate
    * Note: A self-signed certificate will cause browsers to generate
            a security warning.
    # openssl x509 -req -days 365 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt
    Enter pass phrase for www.example.com.key:

  * Verify and View the Signed Certificate
    * The results of the following two commands should be identical:
      # openssl x509 -noout -modulus -in www.example.com.crt | openssl sha1
      # openssl rsa -noout -modulus -in www.example.com.key | openssl sha1
    # openssl x509 -noout -text -in www.example.com.crt
    # cat www.example.com.crt

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
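
The following shell script is an added example, not part of the original message. It runs the key, CSR and self-sign steps without prompts and turns the "results should be identical" check into a function, together with a permission check for the unencrypted key. The function names, the -subj values and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on PATH;
# www.example.com and the temporary directory are placeholders.

# Key -> CSR -> self-signed cert without prompts. The key is written
# unencrypted (like www.example.com.key.unsecure), so umask 077 keeps it
# owner-only. The distro-specific -extfile/-extensions options are omitted.
make_selfsigned() {   # $1 = output directory, $2 = hostname
    ( umask 077
      cd "$1" || exit 1
      openssl genrsa -out "$2.key" 2048 2>/dev/null &&
      openssl req -new -key "$2.key" -out "$2.csr" \
          -subj "/C=GB/O=My Company Ltd/CN=$2" &&
      openssl x509 -req -days 365 -in "$2.csr" -signkey "$2.key" \
          -out "$2.crt" 2>/dev/null )
}

# Print "Modulus=..." for a certificate (x509) or an unencrypted key (rsa).
modulus_of() {        # $1 = x509 | rsa, $2 = file
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# True only if both moduli could be read and are equal. Comparing the raw
# values (rather than piping into a digest) means two unreadable files
# can never "match" on the digest of empty input.
cert_matches_key() {  # $1 = certificate, $2 = private key
    c=$(modulus_of x509 "$1") || return 1
    k=$(modulus_of rsa "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if the file exists and has no group or other permission bits.
key_is_private() {    # $1 = key file
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed input, nothing is installed).
dir=$(mktemp -d)
make_selfsigned "$dir" www.example.com &&
    cert_matches_key "$dir/www.example.com.crt" "$dir/www.example.com.key" &&
    key_is_private "$dir/www.example.com.key" &&
    echo "certificate matches key; key file is owner-only"
rm -rf "$dir"
```
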

