Generating Apache SSL Self-Signed Certificate

Submitted by sandip on Thu, 07/26/2007 - 21:59. | Tags:

# openssl req -x509 -newkey rsa:1024 -keyout /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt -days 9999 -nodes
# chown root:root /etc/httpd/conf/ssl.key/server.key
# chmod 400 /etc/httpd/conf/ssl.key/server.key

Bookmark/Search this post with:

sandip's blog

CSR info

Submitted by sandip on Fri, 05/23/2008 - 15:03.

openssl req -text -noout -in /path/to/server.csr

reply
0 points

SSL certificate information

Submitted by sandip on Thu, 04/10/2008 - 09:28.

Full text information:

# openssl x509 -text -in server.crt
Issuer of the certificate:

# openssl x509 -noout -in server.crt -issuer
Issued to:

# openssl x509 -noout -in server.crt -subject
Valid dates:

# openssl x509 -noout -in server.crt -dates
All of the above:

# openssl x509 -noout -in server.crt -issuer -subject -dates
Hash value:

# openssl x509 -noout -in server.crt -hash
MD5 fingerprint:

# openssl x509 -noout -in server.crt -fingerprint

reply
0 points

Renewing self signed SSL certificate

Submitted by wizap on Tue, 01/29/2008 - 00:29.

After generating a renewed self-signed ssl cert, I got the below message:

You have received an invalid certificate...
Your certificate contains the same serial number as another
certificate issued by the certificate authority. 
Please get a new certificate containing a unique serial number.

With some digging, found that a new serial number can be set as below.

# openssl req -x509 -new -key /etc/httpd/conf/ssl.key/server.key  \
-out /etc/httpd/conf/ssl.crt/server.crt -days 9999 -nodes -set_serial 99999

man x509 for more info.

reply
1 point

Generating Apache SSL Self-Signed Certificate

Comment viewing options

CSR info

SSL certificate information

Renewing self signed SSL certificate

Post new comment

See Also

User login

Recent blog posts

Who's online

Online users