self-signed certificate

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Revision as of 21:25, 24 March 2015 by Woozle (talk | contribs) (Created page with "category:SSL ==About== A self-signed certificate is useful in some circumstances where you need the security of SSL encryption, but do not nee...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

About

A self-signed certificate is useful in some circumstances where you need the security of SSL encryption, but do not need certification by a third party.

How to

  • Very brief introduction to create a CA and a CERT
    • If /usr/local/openssl/openssl.cnf.sample does not exist on your system, you can get a copy from MIT.
    • What needs to be changed is mainly the file locations under [ CA_default ]. They seem to presume that you will be executing commands from outside the CA folder, which doesn't work.
    • If you've already got a .key (private key file) and a .crt (certificate file) generated from that key, it looks like you can configure openssl.cnf to point to them and then skip straight to the penultimate command:
      • openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
      • I ran all the steps up to that point, but then got errors trying to execute it -- until I repointed openssl.cnf to my pre-existing .crt and .key files.
Retrieved from "https://htyp.org/mw/index.php?title=self-signed_certificate&oldid=20798"