Ever wanted to make your own public key certificate for digital signatures? There are many recipes and tools on the net, like this one. My howto uses OpenSSL, and gives you a cert with a nice chain to your root CA. First we generate a 4096-bit long RSA key for our root CA and store it in file ca.key:openssl genrsa -out ca.key 4096Generating RSA private key, 4096 bit long modulus
...................................................................................++
........................................................................++
e is 65537 (0x10001)
If you want to password-protect this key, add option -des3.Next, we create our self-signed root CA certificate ca.crt; you’ll need to provide an identity for your root CA: openssl req -new -x509 -days 1826 -key ca.key -out ca.crtYou are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BE
State or Province Name (full name) [Berkshire]:Brussels
Locality Name (eg, city) [Newbury]:Brussels
Organization Name (eg, company) [My Company Ltd]:https://DidierStevens.com
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Didier Stevens (https://DidierStevens.com)
Email Address []:didier stevens Google mail
The -x509 option is used for a self-signed certificate. 1826 days gives us a cert valid for 5 years.Read more: Didier Stevens
0 comments:
Post a Comment