OpenSSL

From ArgeoWiki

Web site http://www.openssl.org

Generate self-signed certificates with your own certificate authority (CA)

Run the following commands in /etc/pki/tls/private.

Generate CA certificate

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Generate httpd server certificate

# 2048-bit RSA; 1024-bit keys are no longer considered secure
openssl genrsa -out httpd.key 2048
openssl req -new -key httpd.key -out httpd.csr
openssl x509 -req -days 365 -in httpd.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out httpd.crt

Generate openldap server certificate

# 2048-bit RSA; 1024-bit keys are no longer considered secure
openssl genrsa -out slapd.key 2048
openssl req -new -key slapd.key -out slapd.csr
openssl x509 -req -days 365 -in slapd.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out slapd.crt
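
Before copying the files into place, confirm that each certificate chains to ca.crt and matches its private key. The script below is an added example, not part of the original page; the check_cert and demo function names, the throwaway CA with an unencrypted key, the inline config and www.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# check_cert CA_CRT SERVER_CRT SERVER_KEY
# returns 0 = ok, 1 = does not chain to the CA, 2 = key does not match cert
check_cert() {
    # The certificate must verify against the CA certificate.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    # The public key derived from the private key must equal the one in the cert.
    k=$(openssl pkey -in "$3" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ "$k" = "$c" ] || return 2
}

# demo: issues a constructed test certificate the same way as the page
# (genrsa, req, x509 -req -set_serial) in a temp directory and checks it.
demo() {
    d=$(mktemp -d) || return 1
    rc=0
    (
        cd "$d" || exit 1
        # Constructed minimal config so the run does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
            'x509_extensions = v3_ca' '[dn]' 'CN = Constructed Test CA' \
            '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > test.cnf
        openssl genrsa -out ca.key 2048 2>/dev/null
        openssl req -new -x509 -days 1 -key ca.key -config test.cnf -out ca.crt
        openssl genrsa -out httpd.key 2048 2>/dev/null
        openssl req -new -key httpd.key -config test.cnf \
            -subj "/CN=www.example.test" -out httpd.csr
        openssl x509 -req -days 1 -in httpd.csr -CA ca.crt -CAkey ca.key \
            -set_serial 01 -out httpd.crt 2>/dev/null
        # An unrelated key and an unrelated self-signed CA for the failure cases.
        openssl genrsa -out other.key 2048 2>/dev/null
        openssl req -new -x509 -days 1 -key other.key -config test.cnf -out other.crt
        check_cert ca.crt httpd.crt httpd.key || exit 1      # accepted
        s=0; check_cert ca.crt httpd.crt other.key || s=$?
        [ "$s" -eq 2 ] || exit 1                             # wrong key rejected
        s=0; check_cert other.crt httpd.crt httpd.key || s=$?
        [ "$s" -eq 1 ] || exit 1                             # wrong CA rejected
    ) || rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "all checks behaved as expected"
```

On the real files the call is check_cert ca.crt httpd.crt httpd.key, and likewise for slapd.crt and slapd.key.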

Copy to proper locations

# Restrict private keys and requests to the owner
chmod 600 *.key *.csr
cp *.crt ../certs/
cp slapd.key /var/lib/ldap/
chown ldap:ldap /var/lib/ldap/slapd.key

Add CA certificate to JVM

cd /opt/jdk1.5.0_16/jre/lib/security
sudo keytool -import -keystore cacerts -file /path/to/ca.crt -alias argeoCA

(thanks to http://www.tc.umn.edu/~brams006/selfsign.html)
