Web services: Difference between revisions
iwu |
|||
| Line 7: | Line 7: | ||
1. Create a secure key for CSR | 1. Create a secure key for CSR | ||
< | <source lang="bash" highlight="1"> | ||
$ openssl genrsa -des3 -out server.key 2048 | |||
Generating RSA private key, 2048 bit long modulus | Generating RSA private key, 2048 bit long modulus | ||
.....................+++ | .....................+++ | ||
| Line 15: | Line 15: | ||
Enter pass phrase for server.key: | Enter pass phrase for server.key: | ||
Verifying - Enter pass phrase for server.key: | Verifying - Enter pass phrase for server.key: | ||
</ | </source> | ||
2. Create an insecure key for CSR sourcing from the secure one | 2. Create an insecure key for CSR sourcing from the secure one | ||
< | <source lang="bash" highlight="1"> | ||
$ openssl rsa -in server.key -out server.key.insecure | |||
Enter pass phrase for server.key: | Enter pass phrase for server.key: | ||
writing RSA key | writing RSA key | ||
</ | </source> | ||
3. Rename the keys | 3. Rename the keys | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
$ mv server.key server.key.secure | |||
$ mv server.key.insecure server.key | |||
</syntaxhighlight> | </syntaxhighlight> | ||
4. Create the CSR | 4. Create the CSR | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash" highlight="1"> | ||
$ openssl req -new -key server.key -out server.csr | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 14:25, 26 February 2015
SSL/TLS
Generate a CSR
This will generate a 2048-bit key (secure & insecure) for usage on a website.
1. Create a secure key for CSR
$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.....................+++
....................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
2. Create an insecure key for CSR sourcing from the secure one
$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:
writing RSA key
3. Rename the keys
$ mv server.key server.key.secure
$ mv server.key.insecure server.key
4. Create the CSR
$ openssl req -new -key server.key -out server.csr