


How to create a bunch of certs.

1) First, declare yourself a root cert authority:

Create an RSA private key for your CA (will be Triple-DES encrypted and PEM formatted):

$ openssl genrsa -des3 -out ca.key 1024

Back up this ca.key file in a secure location and remember the pass-phrase
you just entered. You can see the details of this RSA private key via the
command:

$ openssl rsa -noout -text -in ca.key

And you can create a decrypted PEM version (not recommended) of this private key via: 

$ openssl rsa -in ca.key -out ca.key.unsecure

Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted): 

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

You can see the details of this Certificate via the command: 

$ openssl x509 -noout -text -in ca.crt


2) Make a server key. We are going to use the same server key for all our certs
so we won't have one key file per domain.

$ openssl genrsa -des3 -out server.key 1024

3) If you want, make unsecure (i.e., no pass phrase) versions of these files:

$ openssl rsa -in server.key -out server.key.unsecure

You end up with this:

# d
total 13
drwxrwx---   3 root  ca     1024 Mar 25 20:10 ./
drwxr-xr-x  22 root  wheel   512 Feb 26 22:42 ../
drwxr-xr-x   2 root  ca      512 Mar 25 19:39 ca.db.certs/
-rw-r--r--   1 root  ca      518 Mar 25 19:39 ca.db.index
-rw-r--r--   1 root  ca        3 Mar 25 19:39 ca.db.serial
-rw-r--r--   1 root  ca      887 Mar 25 19:25 ca.key
-rw-r--r--   1 root  ca      963 Mar 25 19:25 ca.key.secure
-rw-r--r--   1 root  ca      887 Mar 25 19:24 ca.key.unsecure
-rw-r--r--   1 root  ca      891 Mar 25 20:08 server.key
-rw-r--r--   1 root  ca      963 Mar 25 20:07 server.key.secure
-rw-r--r--   1 root  ca      891 Mar 25 20:08 server.key.unsecure
-rwxr-xr-x   1 root  ca     1784 Mar 25 19:19 sign.sh*


4) Now go make CSRs for the domains you want certs for:


$ openssl req -new -key server.key -out server.csr

Where "server.csr" is replaced by the real domain, i.e. example.com.csr


5) Now sign 'em:

$ ./sign.sh example.com.csr

You'll now have example.com.crt, just plug that into apache.conf
and restart and you're done.
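
The five steps above run end to end, as an added example that is not part of the original page: it checks that each signed certificate chains to the CA and matches the shared server key, and shows the result when a certificate is paired with the wrong key. `openssl x509 -req` stands in for sign.sh, whose contents the page does not show; the subjects, the 2048-bit key size, the temp directory and the unencrypted throwaway keys are assumptions of this example.

```shell
#!/bin/sh
# Added example. Names, subjects and the temp directory are constructed;
# keys are unencrypted throwaways so the run needs no pass-phrase prompts.

# check_cert CA_CERT CERT KEY: print ok, bad-chain or key-mismatch.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo bad-chain; return 1; }
    crt_mod=$(openssl x509 -noout -modulus -in "$2") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$3" 2>/dev/null) || return 1
    # The certificate's public key must be the one derived from the key file.
    [ "$crt_mod" = "$key_mod" ] || { echo key-mismatch; return 1; }
    echo ok
}

demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1
    # Step 1: CA key and self-signed CA certificate.
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key ca.key \
        -subj "/CN=Constructed Test CA" -out ca.crt
    # Step 2: one server key shared by all domains.
    openssl genrsa -out server.key 2048 2>/dev/null
    for d in example.com example.org; do
        # Step 4: a CSR per domain, each made from the shared key.
        openssl req -new -key server.key -subj "/CN=$d" -out "$d.csr"
        # Step 5: sign with the CA (stand-in for sign.sh).
        openssl x509 -req -in "$d.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 365 -sha256 -out "$d.crt" 2>/dev/null
        echo "$d: $(check_cert ca.crt "$d.crt" server.key)"
    done
    # Failure mode: a certificate paired with an unrelated key file.
    openssl genrsa -out other.key 2048 2>/dev/null
    echo "wrong key: $(check_cert ca.crt example.com.crt other.key)"
)

demo
```

Both certificates pass against the same server.key, so that one file protects every domain signed this way.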









