howtos:generate_a_certificate_signing_request
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | howtos:generate_a_certificate_signing_request [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | In order to get an SSL certificate and key (for use by an httpd server, for example), you must first create a Certificate Signing Request (CSR). The CSR can be sent to a commercial Certificate Authority (CA) which will then return an SSL certificate. Alternatively, | ||
+ | |||
+ | > openssl req -new -newkey rsa:2048 -keyout hostkey.pem -nodes -out hostcsr.pem | ||
+ | Generating a 2048 bit RSA private key | ||
+ | ........++++++ | ||
+ | ........++++++ | ||
+ | writing new private key to ' | ||
+ | ----- | ||
+ | You are about to be asked to enter information that will be incorporated | ||
+ | into your certificate request. | ||
+ | What you are about to enter is what is called a Distinguished Name or a DN. | ||
+ | There are quite a few fields but you can leave some blank | ||
+ | For some fields there will be a default value, | ||
+ | If you enter ' | ||
+ | ----- | ||
+ | Country Name (2 letter code) [AU]:US | ||
+ | State or Province Name (full name) [Some-State]: | ||
+ | Locality Name (eg, city) []:Urbana | ||
+ | Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCSA | ||
+ | Organizational Unit Name (eg, section) []:Security Research Division | ||
+ | Common Name (eg, YOUR name) []:Terry Fleury | ||
+ | Email Address []: | ||
+ | Please enter the following ' | ||
+ | to be sent with your certificate request | ||
+ | A challenge password []: | ||
+ | An optional company name []: | ||
+ | > | ||
+ | |||
+ | First, an explanation of the command line options: | ||
+ | |||
+ | * -new - generate a new CSR | ||
+ | * -newkey rsa:2048 - generate a new private key of type RSA of length 1024 bytes. If you had previously generated a private RSA key (by using the " | ||
+ | * -keyout hostkey.pem - write out the newly generated RSA private key to the file hostkey.pem. You will want to save this file since it is needed when you get the SSL certificate. | ||
+ | * -nodes - an optional parameter NOT to encrypt the private key. This is useful when your web server starts automatically, | ||
+ | * -out hostcsr.pem - write out the CSR to the file hostcsr.pem. This is the file you will submit to your commercial SLL provider, or use when creating a self-signed certificate. | ||
+ | |||
+ | |||
+ | Next, an explanation of the interactive session. | ||
+ | At each prompt, you will see brackets ([ ]) which may or may not contain text. That text is the default option for that prompt. If you simply hit the < | ||
+ | |||
+ | Note: If you are planning on using this CSR to create a self-signed certificate, | ||
+ | |||
+ | At the end of the session, you are prompted for ' | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
howtos/generate_a_certificate_signing_request.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1