Self-Signed SSL Certificate can be used if you want to try to make secure connection to a server by encrypting the data like HTTPS connection. This is the method:
-x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
-nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
-days 365: This specifies that the certificate we are creating will be valid for one year.
-newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The
- create a directory to store the certificate files
- run
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/yourkey.key -out /path/to/yourcert.crt
to generate the key and certificate files.
-x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
-nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
-days 365: This specifies that the certificate we are creating will be valid for one year.
-newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The
rsa:2048
tells OpenSSL to generate an RSA key that is 2048 bits long.
Comments
Post a Comment