OpenSSL

To generate a private key (with password protection), use

openssl genrsa -des3 -out file.key 2048

Without password protection (e.g., if you don't want to enter the password every time you start the web server), use

openssl genrsa -out file.key 2048

Once you have the key, generate a CSR (Certificate Signing Request):

openssl req -new -key file.key -out file.csr

Send this CSR to a CA and (after you’ve paid them, usually) they will send you the corresponding certificate.

As an alternative, you can self-sign this certificate. However, if you are like me, you may be using many such certificates on your internal network. For such use, you should set up an internal CA and sign your CSRs with it. The result is that you only need to import one root certificate into your machines, and all issued certificates will work without prompting you all the time.
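
The internal-CA workflow described above, as an added example (not part of the original post): it creates a root, signs a server CSR with it, and verifies the chain. The host name, subject names and file names are constructed, and the inline config file is an assumption made so the script does not depend on the system openssl.cnf.

```shell
#!/bin/sh
# Added example: a throwaway internal CA that signs a server CSR.
# Subject names, host name and file names are constructed for illustration.

make_ca() {            # $1 = work dir; writes ca.key, ca.cnf, ca.pem
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Self-signed root: this is the one certificate clients import.
    openssl req -new -x509 -config "$1/ca.cnf" -key "$1/ca.key" \
        -sha256 -days 3650 -out "$1/ca.pem"
}

issue_cert() {         # $1 = work dir, $2 = host name; writes $2.key/.csr/.pem
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -config "$1/ca.cnf" -key "$1/$2.key" \
        -subj "/CN=$2" -out "$1/$2.csr"
    # Leaf extensions: not a CA, and a SAN so modern clients accept the name.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAserial "$1/ca.srl" -CAcreateserial -sha256 -days 365 \
        -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

verify_cert() {        # exit status 0 only if the leaf chains to the root
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work" && issue_cert "$work" db.internal.example
verify_cert "$work" db.internal.example && echo "chain OK"
rm -rf "$work"
```

For a CA you intend to keep, store ca.key somewhere with restricted permissions and generate it with the password-protected form (-des3) shown at the top, since anyone holding that key can issue certificates your machines will trust.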

Here are some misc transforms:

1. To convert a cert from DER format to PEM format:

openssl x509 -in db.wareman.com.cer -inform DER -out db.wareman.com.pem -outform PEM
openssl x509 -in root.cer -inform DER -out root.pem -outform PEM

2. To convert a cert from PEM format to DER format:

openssl x509 -in input.cer -inform PEM -out output.cer -outform DER

3. To convert a private key from DER format to PEM format:

openssl rsa -in inkey.cer -inform DER -out outkey.cer -outform PEM

4. To convert a private key from PEM format to DER format:

openssl rsa -in inkey.cer -inform PEM -out outkey.cer -outform DER

5. To convert .p12 to unencrypted PEM:

openssl pkcs12 -in yourcert.pfx -out yourcert.pem -nodes

6. To convert PEM to encrypted .p12:

openssl pkcs12 -export -in mobile.pem -inkey mobile.pem -out mobile.p12
