genkey segfaults when creating new cert
Matthew J. Roth
mroth at imminc.com
Tue Nov 13 15:57:28 UTC 2012
Alex wrote:
> What are the steps to create a self-signed certificate for apache?
These are my notes for CentOS 5, but they should still apply. The
view/verify steps are not strictly necessary, but they are useful for
checking your work as you go along.
Create a Self-Signed SSL Certificate
------------------------------------
* Create an RSA Private Key
# openssl genrsa -des3 -rand /dev/urandom -out www.example.com.key 2048
Enter pass phrase for www.example.com.key:
Verifying - Enter pass phrase for www.example.com.key:
* Create a Decrypted PEM Version of the RSA Private Key
# openssl rsa -in www.example.com.key -out www.example.com.key.unsecure
Enter pass phrase for www.example.com.key:
* View the Details of the RSA Private Key
# openssl rsa -noout -text -in www.example.com.key
# cat www.example.com.key.unsecure
* Create a PEM Formatted Certificate Signing Request (CSR)
# openssl req -new -key www.example.com.key -out www.example.com.csr
Enter pass phrase for www.example.com.key:
-----
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:My Company Ltd
Organizational Unit Name (eg, section) []:Secure Server
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
* View the Details of the CSR
# openssl req -noout -text -in www.example.com.csr
# cat www.example.com.csr
* Self-Sign the Certificate
* Note: A self-signed certificate will cause browsers to generate
a security warning.
# openssl x509 -req -days 365 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt
Enter pass phrase for www.example.com.key:
* Verify and View the Signed Certificate
* The results of the following two commands should be identical:
# openssl x509 -noout -modulus -in www.example.com.crt | openssl sha1
# openssl rsa -noout -modulus -in www.example.com.key | openssl sha1
# openssl x509 -noout -text -in www.example.com.crt
# cat www.example.com.crt
Regards,
Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
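
The steps in the message above as a non-interactive script, with the final certificate/key comparison turned into a scripted check. This is an added example, not part of the original post. It assumes the pass phrase is supplied in an environment variable named KEYPASS (a constructed name), compares the moduli directly instead of their SHA-1 digests, and leaves out the CentOS-specific -extfile/-extensions options.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values: the KEYPASS
# variable name, its pass phrase, the subject fields and the temp directory.

# Run the key -> decrypted copy -> CSR -> self-signed cert steps without prompts.
# $1 = output directory, $2 = hostname. The pass phrase is read from $KEYPASS
# so it does not appear in the process list.
make_selfsigned() {
    (
        umask 077                      # key files readable by the owner only
        cd "$1" || exit 1
        openssl genrsa -des3 -passout env:KEYPASS -out "$2.key" 2048 2>/dev/null &&
        openssl rsa -in "$2.key" -passin env:KEYPASS \
            -out "$2.key.unsecure" 2>/dev/null &&
        openssl req -new -key "$2.key" -passin env:KEYPASS \
            -subj "/C=GB/O=My Company Ltd/CN=$2" -out "$2.csr" &&
        openssl x509 -req -days 365 -in "$2.csr" -signkey "$2.key" \
            -passin env:KEYPASS -out "$2.crt" 2>/dev/null
    )
}

# Succeed only if the RSA modulus of key $1 equals that of certificate $2.
# $3 = optional pass phrase source for an encrypted key (e.g. env:KEYPASS).
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be read.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" ${3:+-passin "$3"} 2>/dev/null) || return 2
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a throwaway directory.
KEYPASS='constructed-pass-phrase'; export KEYPASS
dir=$(mktemp -d) || exit 1
if make_selfsigned "$dir" www.example.com &&
   key_matches_cert "$dir/www.example.com.key" "$dir/www.example.com.crt" env:KEYPASS
then echo "OK: certificate matches private key"
else echo "FAIL: certificate and key do not match" >&2
fi
rm -rf "$dir"
```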