Create SSL Certificate (Self Signed)2024/11/01 |
Create Self Signed SSL Certificate by yourself. It had better to use Self Signed Certificate on the environment for the purpose of testing, development, and so on, not recommended to use on production System. |
[root@dlp ~]#
vi /etc/ssl/openssl.cnf # add to last line # section name is any name you like # DNS:(this server's hostname) # if you set multiple hostname ot domainname, set them with comma separated # ⇒ DNS:dlp.srv.world, DNS:www.srv.world [ srv.world ] subjectAltName = DNS:dlp.srv.world cd /etc/pki/tls/certs [root@dlp certs]# openssl genrsa -aes128 2048 > server.key Enter PEM pass phrase: # set passphrase Verifying - Enter PEM pass phrase: # confirm # remove passphrase from private key [root@dlp certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # input passphrase
writing RSA key
[root@dlp certs]# openssl req -utf8 -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:JP # country code State or Province Name (full name) []:Hiroshima # state Locality Name (eg, city) [Default City]:Hiroshima # city Organization Name (eg, company) [Default Company Ltd]:GTS # company Organizational Unit Name (eg, section) []:Server World # department Common Name (eg, your name or your server's hostname) []:dlp.srv.world # server's FQDN Email Address []:root@srv.world # admin email address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # create certificate with 10 years expiration date # -extensions (section name) ⇒ the section name you set in [openssl.cnf] [root@dlp certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -extfile /etc/ssl/openssl.cnf -extensions srv.world -days 3650 Certificate request self-signature ok subject=C = JP, ST = Hiroshima, L = Hiroshima, O = GTS, OU = Server World, CN = dlp.srv.world, emailAddress = root@srv.world[root@dlp certs]# chmod 600 server.key [root@dlp certs]# ll server.* -rw-r--r--. 1 root root 1424 Nov 1 10:48 server.crt -rw-r--r--. 1 root root 1062 Nov 1 10:48 server.csr -rw-------. 1 root root 1704 Nov 1 10:48 server.key |