Stargate Logo  Secured by phpPhobos

  Login  - No Account?  Create One   
Tuesday, 14 July 2020  -
News FeedRSS Feed
rss rdf  
    Site Documentation 
    About me 
  Legal Notice 
    Web Links 
    RC Models 
    RC Batteries 
    Build blogs 
    DNS Blacklist 
 Registered Bloggers 
  Blog de Maiwenn 
  Blog de Morgane 
  Joerg's Blog 
 Gallery [Listing]
  > Diving 
  > Martinique 
  > Steampunk 
  > RC Planes 
  > FPV Drones 
  > Indy travels 
  > Budapest 
 FAQ  [ Topics  ]
 Common Linux problem... 
 Routerboard RBxxxAH 
 Apple Mac-mini 
 PHP Phobos 
 Stargate's Backup sc... 
 eBook Reader / PRS-5... 
 RC Models 
 Server in SolLan 
 System Stats [ Index ]
  > Gateway 
  > Stargate 
  > Halley 
  > RemPi 
 Weather Station
  > WeatherPI 
Question ? How can I generate self signed certificates for various services ?   [
View DetailsView details
Print ViewPrint view

 First - make sure you have the openssl package installed and have created a local Certification authority.
When talking about fqdn - the Full Qualified Domain Naeme is meant. This - to ensure you find your certificates after - and link them to the right service/site.
After that - create a private key with:

openssl genrsa -aes128 512/1024 > fqdn.key
Generating RSA private key, 512 bit long modulus
e is 65537 (0x10001)

This will ask you for a password. If for any reason you don't want a password to be entered every time you want to use the certificate - skip the -aes128 part.
Once the Key created - you need to create a certification request

openssl req -new -key fqdn.key > fqdn.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Internet Widgits Pty Ltd
Organizational Unit Name (eg, section) []:Demo Certificate Creation
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Make sure the Common Name matches the Full Qualified Domain name of the Service you want to use the certificate for.
Once the request created - you need to let your local CA sign the certificate using:

openssl ca -policy policy_anything -out fqdn.crt -infiles fqdn.csr
[... Loads of stuff removed ...]
Certificate is to be certified until Dec 29 09:29:23 2006 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y

Now you're done.
If you're looking to create a pem-file - here is a little help for it - used b.e. to create a Key for Cyrus-Imap.

dd if=/dev/urandom of=random.rnd count=1
openssl req -new -x509 -days 365 -nodes -out fqdn.pem -keyout fqdn.pem
openssl gendh -rand random.rnd 512 >> fqdn.pem
openssl x509 -subject -dates -fingerprint -noout -in fqdn.pem

This will generate you a fine certificate for use with cyrus. 

Entered by smurphy on Wednesday, 01 February 2006 @ 22:53:06  
Cryptography stuff - Common Linux problems, # Hits: 89132
  Back Back  
Problems to  root(-AT-)solsys(-DOT-)org  - best viewed @ 1920bpp
This site is powered by phpPhobos v2.0b446
© J. Mertin smurphy(-AT-)solsys(-DOT-)org 
Icons - Copyright Breeze artists GPL 2+