m (→Extensions) |
| Line 22: | Line 22: | ||
=Self Signed Certs= | =Self Signed Certs= | ||
These are the steps to generate a certificate for www.example.com. Replace this value | These are the steps to generate a certificate for www.example.com. Replace this value with the actual server name in the steps below.<br/> | ||
1. Generate key: <br/> | 1. Generate key: <br/> | ||
:"openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits: 2048" <br/> | :"openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits: 2048" <br/> | ||
: | :2048 is considered secure for the next 4 years.<br/> | ||
2. Generate csr<br/> | 2. Generate csr<br/> | ||
:"openssl req -new -key key.pem -days 1096 -extensions v3_ca -batch -out example.csr - utf8 -subj '/CN=www.example.com'<br/> | :"openssl req -new -key key.pem -days 1096 -extensions v3_ca -batch -out example.csr - utf8 -subj '/CN=www.example.com'<br/> | ||
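Review bot: The line added under step 1, "2048 is considered secure for the next 4 years", is relative to a date the page never states, so a reader cannot tell when the estimate runs out; give the year the statement was written or cite the key-length recommendation it comes from. In the same hunk the commands will not run as pasted on either side of the diff: "rsa_keygen_bits: 2048" has a space after the colon, "- utf8" has a space after the dash, and the opening quote on the step 2 command is never closed. Step 2 also passes "-days 1096" to "openssl req -new" without "-x509"; that option only sets a validity period when req is issuing a certificate, so on a CSR it does nothing and the 1096-day lifetime belongs on the signing step instead.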
| Line 37: | Line 37: | ||
You can now use example.pem as your certfile | You can now use example.pem as your certfile | ||
= Running your Own CA = | = Running your Own CA = | ||
This isa little more complicated. It has requires building 3 certificates: a long term root cert, a medium tem intermediate and a short term end-entity cert. The reason for this is that allows us to have a relatively simple long term root to be distributed to clients and some flexibility on the intermediate so that we can change parameters if security research indicates so. | This isa little more complicated. It has requires building 3 certificates: a long term root cert, a medium tem intermediate and a short term end-entity cert. The reason for this is that allows us to have a relatively simple long term root to be distributed to clients and some flexibility on the intermediate so that we can change parameters if security research indicates so. | ||
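Review bot: The opening paragraph of "Running your Own CA" carries several typos on both sides of the diff that are worth fixing while the section is being edited: "This isa little" should be "This is a little", "It has requires building" should be "It requires building", "medium tem intermediate" should be "medium term intermediate", and "The reason for this is that allows us" is missing "it". The paragraph also describes the root, intermediate and end-entity certificates as long, medium and short term without giving lifetimes, while the self-signed section uses 1096 days; stating the intended validity for each tier here would make the later steps easier to check.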