rami.info

The About

I'm a geek that loves everything that has to do with computers and recently got into photography. I'm also a unix sysadmin working at an ISP in Kuwait doing what I love the most.

The Links

My Flickr

The Search

The Storage

The Categories

The Hangout

The Meta

Admin
Back to top

Generating SSL Certificates Using OpenSSL On Linux

Posted in AtWherever by Rami on the February 20th, 2005

Configure:
vim /etc/ssl/openssl.cnf and change as necessary
echo 00 > /etc/ssl/serial
touch /etc/ssl/index.txt
Generate the CA:
openssl req -new -x509 -keyout /etc/ssl/private/cakey.pem -out /etc/ssl/cacert.pem -config /etc/ssl/openssl.cnf
Generate the certificate:
openssl req -new -nodes -keyout newkey.pem -out newreq.pem -days 365 -config /etc/ssl/openssl.cnf
cat newreq.pem newkey.pem > new.pem
Sign the certificate:
openssl ca -policy policy_anything -out newcert.pem -config /etc/ssl/openssl.cnf -infiles new.pem
To convert the certificate to PKCS#12:
openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -out certfile.p12