Wednesday, March 5, 2008

Create a self signed certificate

During this week I've created a couple of certificates for our webserver.
We have both IIS and apache servers for different systems and their requirements.

If you need a certificate in IIS and don't want to pay a signed certificate from, say Verisign.
All you need to do is to install selfssl from the IIS resource kit on the server where you have IIS.
then you just run the following command to create a simple certificate:
selfssl.exe / /K:1024 /V:365 /S:1 /P:443
You should change the CN name to match with your website or URL.
/K is the key size, /V is how long it's valid, /S is the site number /P is the port

If you want more info on this run selfssl.exe /?

If you need to create a certificate with apache, just install openssl and run the following commands.

openssl genrsa -out ca.key 1024
this creates a private key in ca.key

openssl req -new -key ca.key -out ca.csr
This creates a CSR file named ca.csr using the ca.key key file. You can submit this file to certification authorty, like Verisign. They will use this file to create a certificate for you.
You will be asked several questions here, and make sure that Common Name match your website.

Next command will create a self-signed certificate that you can use on your apache webserver.
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

If you're using apache on windows you should run the following command and use the new key created.
openssl rsa -in ca.key -out ca2.key

Otherwise you get the following message in the apache error log and can't start the apache service: SSLPassPhraseDialog builtin is not supported on Win32.

Good luck

1 comment:

Anonymous said...

Useful guide.....


Web Counters