Every year, when my websites' SSL certificates expire I have to relearn how to generate them all over again. It's not that I forget the concepts, but I can never remember the exact syntax of the commands. This guide expects that you have OpenSSL installed and in your System Path.  My CA directory has the following structure:

CA/
- certs/
- keys/
- requests/
- serial.txt

Generate a key:

openssl genrsa -out keys\wildcard.wylovan.com-20230314.key 2048

Generate request from key:

openssl req -new -key keys\wildcard.wylovan.com-20230314.key -out requests\wildcard.wylovan.com-20230314.csr

Sign certificate from request:

openssl x509 -req -days 365 -in requests\wildcard.wylovan.com-20230314.csr -CA certs\ca-20230309.cer -CAkey keys\ca-20230309.key -CAserial serial.txt -out certs\wildcard.wylovan.com-20230314.cer -extfile domain\wildcard.wylovan.com.txt

Good resources:

• OpenSSL Command-Line HOWTO
• Creating Certificate Authorities and self-signed SSL certificates
• OpenSSL Documents (official site)

Social Bookmarks :                                              

  Export this post to PDF document

Add a comment

Posted by Wyatt on July 8, 2011 11:51:00 PM EDT #