There are a lot of “how-to” on the Internet explaining the setup procedure. This is mainly a copy / paste example for those in a hurry :)
How to setup your own CA
Generate a key for CA
openssl genrsa -aes256 -out myCA.key 4096
Pick a password and remember it!
Generate a SSL certificate for CA
openssl req -new -x509 -days 3650 -key myCA.key -out myCA.crt
How to create a new SSL certificate signed by your own CA
Request a new key for the new domain that you want to secure
openssl genrsa -aes256 -out MyServerName.key 2048
Pick a password and remember it!
Request a CSR and sign it with the previous created key
openssl req -new -key MyServerName.key -out MyServerName.csr
Request the SSL certificate and sign it against the CA
openssl x509 -req -in MyServerName.csr -out MyServerName.crt -sha1 -CA myCA.crt -CAkey myCA.key -CAcreateserial -days 720
(Optional for Linux) Secure the key on the server
chmod 0400 *.key
To have the SSL working you need to copy on the server side
– MyServerName.key
– MyServerName.crt
– myCA.crt (that’s the CA certificate)
How to view a certificate
openssl x509 -in MyServerName.crt -text -noout
How to check whether a private key matches a certificate or that the certificate matches the certificate signing request (CSR)
openssl x509 -noout -modulus -in MyServerName.crt | openssl md5 openssl rsa -noout -modulus -in MyServerName.key | openssl md5 openssl req -noout -modulus -in MyServerName.csr | openssl md5
Does anybody knows a simple script that can offer the above functionality from web interface? I was looking around for a while now, but either they are enterprise complex or do not work. Let me know in Comments if you have a good suggestion.
Thanks!