openssl command for self-signed certificates
December 30, 2007
This looks like a good introduction:
openssl req -x509 \
-nodes -days 365 -newkey rsa:1024 \
-keyout mycert.pem -out mycert.pem
In Ubuntu Gutsy, apache2-ssl-certificate is gone. It has been replaced with make-ssl-cert, which uses /usr/share/ssl-cert/ssleay.cnf.
There was probably a layer8 problem involved, but I could not get make-ssl-cert to give me 365 days of validity, nor sha256 (sha256 I did not test extensively) with make-ssl-cert. To add sha256 to the mix, just use the -sha256 parameter with the openssl command above.
sha256 indeed breaks Internet Explorer 6 and 7 on Windows XP. On Windows Vista, IE7 works, even with rsa:2048. Firefox, the only other browser I tested, works flawlessly on Windows XP. It's hard for me not to make sneery comments about this…
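Added example, not part of the original post: the openssl command above with -sha256, followed by checks that the issued certificate really carries the digest, key size and validity period that were asked for. The function names, the CN example.test and the use of rsa:2048 here are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names, the CN and
# the temp-file locations are assumptions.

# make_cert OUT DAYS BITS: key and certificate go into one PEM file,
# as in the post's command (-keyout and -out name the same file).
make_cert() {
    ( umask 077   # the file holds an unencrypted private key (-nodes)
      openssl req -x509 -sha256 -nodes -days "$2" -newkey "rsa:$3" \
          -subj "/CN=example.test" -keyout "$1" -out "$1" 2>/dev/null )
}

# sig_alg FILE: print the certificate's signature algorithm.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# key_bits FILE: print the RSA modulus size, derived from the hex modulus.
key_bits() {
    mod=$(openssl x509 -in "$1" -noout -modulus) || return 1
    mod=${mod#Modulus=}
    echo $(( ${#mod} * 4 ))
}

# valid_for_days FILE DAYS: succeed if the certificate is still valid
# DAYS from now (-checkend takes seconds).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a temp dir: issue the certificate, then report what was issued.
tmp=$(mktemp -d) && make_cert "$tmp/mycert.pem" 365 2048 &&
    echo "$(sig_alg "$tmp/mycert.pem"), $(key_bits "$tmp/mycert.pem") bit" &&
    valid_for_days "$tmp/mycert.pem" 364 && echo "valid for at least 364 more days"
rm -rf "$tmp"
```

The same three checks can be pointed at a certificate produced by make-ssl-cert to see which digest and validity period it actually issued.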