Linux Surgeon

Find your answer !!!

How To Generate SSL Key, CSR and Self Signed Certificate

Dec-28th-2008
By piyushmap in Apache, CentOS, Security, fedora, ssl

The process of creating a key and a CSR is easy and it will only take a few minutes.In this article, we will see how to generate private key file (example.key), certificate signing request file (example.csr) and webserver certificate file (example.crt) that can be used on Apache server with mod_ssl.
SSL is a protocol for cryptographically securing transactions between a web browser and a web server.With a secure web server, clients can connect to your server securely and the transaction is well-encrypted so their data is safe.

How to install mod_ssl on Fedora | CentOS | Redhat

[root@linuxbox ~]# cd /etc/pki/tls

Generate Private Key

[root@linuxbox tls]# openssl genrsa -out www.linuxsurgeon.org.key 2048

[root@linuxbox tls]# ll www.linuxsurgeon.org.key

-rw-r–r– 1 root root  887 Dec 16 11:01 www.linuxsurgeon.org.key

[root@linuxbox tls]# cat www.linuxsurgeon.org.key

—–BEGIN RSA PRIVATE KEY—–
MIICXQIBAAKBgQDMLPuff3y9SR/NK5tpI7navpFBYdSsETV7v4GLJlmF3xn2YrNU
BPe3D5FCqJBQz/Qg6oIgar/Il1QXb+oTcItJ7KIj0qgOzEBGBApD7BJSC4BPOPJy
CmZoF9RkziXDgFQPPCgD75zn1SufeHx3faOE7H/3K+ISSTkTfZbvjSfAEQIDAQAB
AoGBAJb7oKrGrKiQvXqMB6WNLK+sgl+WB52iMCmtaQ9MMaFEZL+FJ1U3QzNUyLdB
TU7lKIN6xvVP2zhrZ1zZfoAXlnelzElECPn0ZExfTFNywVOTVmmnMGyiL+SRmZt9
/zxEFgxjTOSFkQ3bEJCRk05nhOHZmJorlCiTU3Zp9J0IlQrBAkEA+AHNnTCajOTZ
Z48zDf3blAowU2Iw/vO+WffoTQlqV2c7YfVRdARJeidyW8LXHn6nUh9ryGcknEHV
kzC0s45fWQJBANLBi/dH+eJtm4Kmx2eujacdI5hJghKn04MZYZJSebamU46sovin
SnG9KBPNx2IJiFvWLdYwzMpPKGteVotjR3kCQQDIHSRczsgWId5umnSWuJzB4krG
LXfdcK3KiKfP6WX+KpUW4MydsYvcXhH/isLrn0TBlgrxRJCc6N49i1Jzg9DZAkBa
4shfPRTPxoC3mQCI/8dqd7Bv7dNABEu8T2e6WALQ9201K9Gj9VCvN+lekPEYoA/D
uttNcQH/hJ9jne0ocwnRAkBdkgYsb9TJdyynQHF6kPJXZC6wv87qhtfuCqM1qUcA
Z90Yo21xd2l0GUeG7NeOFiZSmsPR+WM3M9zsIT3QRDxb
—–END RSA PRIVATE KEY—–

Generate a Certificate Signing Request (CSR)

[root@linuxbox tls]# openssl req -new -key www.linuxsurgeon.org.key -out www.linuxsurgeon.org.csr

Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:RAJASTHAN
Locality Name (eg, city) [Newbury]:Jaipur
Organization Name (eg, company) [My Company Ltd]:Linux Surgeon
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []: www.linuxsurgeon.org
Email Address []:info@linuxsurgeon.org

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@linuxbox tls]# ll www.linuxsurgeon.org.csr

-rw-r–r– 1 root root  794 Dec 16 11:03 www.linuxsurgeon.org.csr

[root@linuxbox tls]# cat www.linuxsurgeon.org.csr

—–BEGIN CERTIFICATE REQUEST—–
MIICEjCCAXsCAQAwgZwxCzAJBgNVBAYTAklOMRIwEAYDVQQIEwlSQUpBU1RIQU4x
DzANBgNVBAcTBkpBSVBVUjEWMBQGA1UEChMNTElOVVggU1VSR0VPTjELMAkGA1UE
CxMCSVQxHTAbBgNVBAMTFHN0b25leDEyOC5hcmNnYXRlLmluMSQwIgYJKoZIhvcN
AQkBFhVpbmZvQGxpbnV4c3VyZ2Vvbi5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAMws+59/fL1JH80rm2kjudq+kUFh1KwRNXu/gYsmWYXfGfZis1QE97cP
kUKokFDP9CDqgiBqv8iXVBdv6hNwi0nsoiPSqA7MQEYECkPsElILgE848nIKZmgX
1GTOJcOAVA88KAPvnOfVK594fHd9o4Tsf/cr4hJJORN9lu+NJ8ARAgMBAAGgNTAV
BgkqhkiG9w0BCQcxCBMGbXlwYXNzMBwGCSqGSIb3DQEJAjEPEw1MSU5VWCBTVVJH
RU9OMA0GCSqGSIb3DQEBBQUAA4GBADhDB1RB3KdcJe2D+v/qZQ0CPosLWIDnieEe
2H7SAJo9mZHWx/32dMtGgzb8oczrD+u9rLgdel5NwvE7JahozTLD4VTIc9yGbH+k
uP11IXsoBtzWso+W8+JGkuDLEtfEa30ZdxhD+cd6ol52sNUZ58XwsIBIvC3BlmWs
zBEgJlUU
—–END CERTIFICATE REQUEST—–

Now Generate a Self-Signed SSL Certificate

[root@linuxbox tls]# openssl x509 -req -days 365 -in www.linuxsurgeon.org.csr -signkey www.linuxsurgeon.org.key -out www.linuxsurgeon.org.crt
Signature ok
subject=/C=IN/ST=RAJASTHAN/L=Jaipur/O=Linux Surgeon/OU=IT/CN=www.linuxsurgeon.org
Getting Private key

[root@linuxbox tls]# ll www.linuxsurgeon.org.crt

-rw-r–r– 1 root root 993 Dec 16 11:05 www.linuxsurgeon.org.crt

[root@linuxbox tls]# cat www.linuxsurgeon.org.crt

—–BEGIN CERTIFICATE—–
MIICsTCCAhoCCQC70E0Vq/sYaDANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC
SU4xEjAQBgNVBAgTCVJBSkFTVEhBTjEPMA0GA1UEBxMGSkFJUFVSMRYwFAYDVQQK
Ew1MSU5VWCBTVVJHRU9OMQswCQYDVQQLEwJJVDEdMBsGA1UEAxMUc3RvbmV4MTI4
LmFyY2dhdGUuaW4xJDAiBgkqhkiG9w0BCQEWFWluZm9AbGludXhzdXJnZW9uLm9y
ZzAeFw0xMDEyMTYwNTM1NTVaFw0xMTEyMTYwNTM1NTVaMIGcMQswCQYDVQQGEwJJ
TjESMBAGA1UECBMJUkFKQVNUSEFOMQ8wDQYDVQQHEwZKQUlQVVIxFjAUBgNVBAoT
DUxJTlVYIFNVUkdFT04xCzAJBgNVBAsTAklUMR0wGwYDVQQDExRzdG9uZXgxMjgu
YXJjZ2F0ZS5pbjEkMCIGCSqGSIb3DQEJARYVaW5mb0BsaW51eHN1cmdlb24ub3Jn
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMLPuff3y9SR/NK5tpI7navpFB
YdSsETV7v4GLJlmF3xn2YrNUBPe3D5FCqJBQz/Qg6oIgar/Il1QXb+oTcItJ7KIj
0qgOzEBGBApD7BJSC4BPOPJyCmZoF9RkziXDgFQPPCgD75zn1SufeHx3faOE7H/3
K+ISSTkTfZbvjSfAEQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAG8SDWGDTsJURpfY
aObiAl76p2YrI40OWgXjOLXAPA+c84m6IJ4Y+9pC+erwuwS806zh5/Q2fo+e6V8E
e6U8/CPy7d1ilHL5T4NObY/NSKqaN8+YRJAKKFKDRwWi9bus9O0yZie2j5RYb9q8
k/ymtiHHltvQIBC/kC80sI0PgJtf
—–END CERTIFICATE—–

[root@linuxbox tls]#

Now open your apache config file and edit the file to use ssl settings.

[root@linuxbox ~]# vim /etc/httpd/conf/httpd.conf

<VirtualHost www.linuxsurgeon.org:443>
ServerAdmin root@www.linuxsurgeon.org
DocumentRoot /var/www/html/
ServerName www.linuxsurgeon.org
ErrorLog logs/www.linuxsurgeon.org-error_log
CustomLog logs/www.linuxsurgeon.org-access_log common
SSLEngine on
SSLCertificateFile /etc/pki/tls/www.linuxsurgeon.org.crt
SSLCertificateKeyFile /etc/pki/tls/www.linuxsurgeon.org.key
</VirtualHost>

=====================================================================

Enjoy Linux !!!

Mega World News Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google Yahoo Buzz StumbleUpon Weekend Joy

Comments

  1. Tweets that mention Linux Surgeon » Blog Archive » How To Generate SSL Key, CSR and Self Signed Certificate -- Topsy.com Said,

    [...] This post was mentioned on Twitter by Linux Boy, Linux Boy. Linux Boy said: How To Generate SSL Key, CSR and Self Signed Certificate http://t.co/9f9tdzc via @piyushmap [...]

  2. Linux Surgeon » Blog Archive » Removing a password from an SSL Key Said,

    [...] You can create an SSL Certificate by following steps. [...]

  3. Removing a password from an SSL Key « The Linux Boy Said,

    [...] You can create an SSL Certificate by following steps. [...]

Add A Comment

CAPTCHA Image
*
Comments (3)
Subscribe feed