Creating OpenSSL Certificates and Certificate Authorities

Generating a Self Signed Certificate

The first step is to generate the private key. The following command generates a 1024-bit RSA private key encrypted with triple DES (DES3).

# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

Next, create a certificate signing request (CSR). It is used to create the self-signed certificate, and it is also what you would send to a CA for signing.

# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Georgia
Locality Name (eg, city) []:Atlanta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Higherpass
Organizational Unit Name (eg, section) []:ssl
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

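To avoid having to enter the pass phrase each time the key is loaded, remove the pass phrase from the key. The commands below keep the encrypted original as server.key.orig and write an unencrypted copy to server.key, so take precautions to protect this file. If it is lost or stolen, contact your CA to have the certificate revoked.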

# cp server.key server.key.orig
# openssl rsa -in server.key.orig -out server.key
Enter pass phrase for server.key.orig:
writing RSA key

Finally, generate the self-signed certificate.

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
Getting Private key
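
The script below is an added example, not part of the original tutorial: it checks that the files produced by the steps above are consistent and that an unencrypted server.key is not exposed to other users. The function names make_demo and audit_pair, the demo subject values and the 2048-bit key size are assumptions of this example (the page uses 1024 bits, which is below current minimum recommendations for RSA).

```shell
#!/bin/sh
# Added example. File names follow the page; demo subject values are constructed.

# make_demo DIR: repeat the page's steps non-interactively for a throwaway key.
# Assumption: 2048-bit key with no pass phrase (the state after `openssl rsa`).
make_demo() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" &&
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/ST=Georgia/L=Atlanta/O=Example/CN=demo.example" &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# audit_pair KEY CRT: return 0 only if every check below passes.
audit_pair() {
    key=$1; crt=$2; rc=0
    # 1. An unencrypted key must not be accessible to group or other.
    if ! grep -q ENCRYPTED "$key" &&
       [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key has no pass phrase and is accessible to group/other"; rc=1
    fi
    # 2. The certificate must contain the public half of this private key.
    #    (A key that still has a pass phrase cannot be read here and fails.)
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi
    # 3. Self-signed means subject and issuer are the same name.
    subj=$(openssl x509 -in "$crt" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$crt" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    if [ -z "$subj" ] || [ "$subj" != "$iss" ]; then
        echo "FAIL: $crt is not self-signed"; rc=1
    fi
    # 4. The 365-day validity window must not have run out.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key and $crt are consistent"
    return "$rc"
}

# Demo on throwaway files in a temporary directory.
demo=$(mktemp -d)
make_demo "$demo" && audit_pair "$demo/server.key" "$demo/server.crt"
rm -rf "$demo"
```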