SSL/TLS Certificate Generation/Installation (for httpd) 
Saturday, March 16, 2013, 05:44 AM - - Apache Notes
Posted by Administrator
//Generate server key
openssl genrsa -out server.key 1024

//Create a Certificate Signing Request
openssl req -new -key server.key -out server.csr

//Sign your own certificate (for development purposes)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

//Install your certificate. Add in httpd.conf :
SSLCertificateFile "/webserver/ssl_certs/server.crt"
SSLCertificateKeyFile "/webserver/ssl_certs/server.key"

//Finally, configure a virtual-host with a document root and port 443 (httpd.conf)

:)


### Update 4-27-2018 ###
# looks like you can generate server.key and server.csr using only one command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

#Also, it looks like wee can create a self-signed key and certificate pair with OpenSSL in a single command:
(Tested on 11/15/2023 !)
[admin@PHP8 ~]$ openssl req --x509 --nodes --days 3650 --newkey rsa:2048 --keyout nginx-selfsigned.key --out nginx-selfsigned.crt
...
[admin@PHP8 ~]$ ls -ltrh nginx-selfsigned.*
-rw-------. 1 entadmin entadmin 1.7K Nov 15 18:47 nginx-selfsigned.key
-rw-rw-r--. 1 entadmin entadmin 1.5K Nov 15 18:48 nginx-selfsigned.crt


# From Comodo.com, To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command (creates two files) :
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

# Also from Comodo.com,Alternatively one may issue the following command to generate a CSR:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"

# Note: If the "-nodes" is entered the key will not be encrypted with a DES pass phrase.

# 5-14-2018 - Verifying that a private key matches its Certificate
[aesteban@localhost TLS-TESTS]$ openssl x509 -noout -modulus -in nginx-selfsigned.crt | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$ openssl rsa -noout -modulus -in nginx-selfsigned.key | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$



6-15-2018 Documenting the following:

# user curl's resolve to test endpoints that are behind a CDN or loadbalancer. IPADDRESS represents the endpoint (app server) ip address.
[aesteban@localhost ~]$ curl -v  https://api.example.com --resolve "api.example.com:443:IPADDRESS"


8-9-2019 - extracting expiration date from certificate
[aesteban@localhost ~]$ openssl x509 -enddate -noout -in Documents/ansible/files/star.angelcool.com.crt 
notAfter=Jul  9 23:25:42 2019 GMT
[aesteban@localhost ~]$ 
[aesteban@localhost ~]$




[ view entry ] ( 1618 views )   |  print article

<<First <Back | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | Next> Last>>

2024 By Angel Cool