For the Certificate category

Converting a certificate from DER to PEM or PEM to DER

openssl x509 -in input.pem -inform PEM -out output.der -outform DER
openssl x509 -in input.der -inform DER -out output.pem -outform PEM

Creating a certificate for a server

Creating a server certificate involves only a few steps. To do so, execute the following commands. This post assumes that “OpenSSL initial configuration” and “Creating a ca’s self signed certificate” have been done previously.

Create a private key for the server. This can be done as any user. The secret key, server.key, must be well protected.

openssl genrsa -des3 -out server.key 1024

Create the certificate request. This can be done as any user. The common name (CN) should be the host name that appears in the server's URL. Otherwise, users will get a warning message that the server URL does not match the certificate.

openssl req -new -key server.key -out server.csr

Create and sign the certificate (replace NN with the next available certificate serial number!). You must be logged in as ca to perform this operation. serverNN.crt is the server certificate.

openssl x509 -req -days 365 -in server.csr -CA certs/cacert.pem \
      -CAkey private/cakey.pem -set_serial NN -out serverNN.crt

Creating a ca’s self signed certificate

In order to create your own certificates, you need a CA (certificate authority) certificate. This certificate will be used to sign every certificate you create. To do so, execute the following command. This post assumes that “OpenSSL initial configuration” has been done previously.

  • Log on as the user ca
  • Go to its home directory and issue the command:

openssl req -new -x509 -keyout private/cakey.pem \
      -out certs/cacert.pem -days 3650

It is good practice to keep the private key on removable media and load it only when signing new certificates. Do not lose it. It is the most important piece of data related to your certificates.
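The three posts above can be checked end to end. The script below is an added example, not code from the original posts: it repeats the CA, server-certificate and DER/PEM steps non-interactively in a temporary directory, then verifies the results. The subject names, the serial number 1, the unencrypted demo keys and the 2048-bit key size are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Paths, CNs and the serial number are constructed placeholders.

# Build a throwaway CA and server certificate in directory $1, following the
# posts' steps non-interactively: -subj replaces the prompts, -nodes and the
# absent -des3 leave the demo keys unencrypted, and 2048-bit RSA is assumed.
make_demo_pki() {
    d=$1
    mkdir -p "$d/private" "$d/certs" &&
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Demo CA" \
        -keyout "$d/private/cakey.pem" -out "$d/certs/cacert.pem" \
        -days 3650 2>/dev/null &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -subj "/CN=www.example.test" \
        -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$d/server.csr" -CA "$d/certs/cacert.pem" \
        -CAkey "$d/private/cakey.pem" -set_serial 1 -out "$d/server01.crt" \
        2>/dev/null
}

# Succeed if certificate $1 verifies against CA certificate $2.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeed if the public key in certificate $1 belongs to private key $2.
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeed if PEM -> DER -> PEM yields the same certificate (same fingerprint).
der_roundtrip_ok() {
    openssl x509 -in "$1" -inform PEM -out "$1.der" -outform DER &&
    openssl x509 -in "$1.der" -inform DER -out "$1.rt.pem" -outform PEM &&
    [ "$(openssl x509 -in "$1" -noout -fingerprint -sha256)" = \
      "$(openssl x509 -in "$1.rt.pem" -noout -fingerprint -sha256)" ]
}

# Demo run in a temporary directory.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    cert_chains_to_ca "$demo/server01.crt" "$demo/certs/cacert.pem" &&
    cert_matches_key "$demo/server01.crt" "$demo/server.key" &&
    der_roundtrip_ok "$demo/server01.crt" && echo "all checks passed"
rm -rf "$demo"
```

For a key created with -des3, cert_matches_key needs the passphrase; openssl pkey accepts it through -passin.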
