Openssl is a command line tool used to generate certificates which will be used for opensource webservers like Apache and appservers like tomcat.
Most Linux/Unix platform will have openssl installed.
Check openssl is installed by issuing the command
openssl version.Below is the output.
[}$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
To set up a SSL we need
1.private key
2.certificate request to send to CA
3.Get the certificate from CA via email.
Most Linux/Unix platform will have openssl installed.
Check openssl is installed by issuing the command
openssl version.Below is the output.
[}$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
To set up a SSL we need
1.private key
2.certificate request to send to CA
3.Get the certificate from CA via email.
openssl genrsa -des3 -out test.key 2048
The above command has genrsa which is to use RSA algorithm.des3 which is triple DES algorithm to encrypt passphrase and 2048 is the bit size.
openssl genrsa -aes128 -out test.key 2048
In the above command mentioned aes algorithm to use for key protection if you dont want des3.
There are many websites to give the command you dont have to remember the command.
2.Generate CSR.
CSR is the one where you will provide your website information which will be used by CA to generate the certificate.
openssl req -new -key test.key -out test.csr
Once you type the command it will ask for passphrase and some other info like country ,state,email and common name.
To skip typing these either you can put the config in cnf file or put the details in the command itself.
[req]
prompt = no
distinguished_name = distinguished_name
[distinguished_name]
CN = www.test.com
emailAddress = test@test.com
O = Test Ltd
L = London
C = GB
Place the above line in a file called test.cnf and issue the command below
openssl req -new -key test.key -out test.csr -config test.cnf
it will only ask for passphrase of the private key since other details are already mentioned in the cnf file.
The above example is for single domain.For multi domain you have to configure subject alternative name (SAN) in the cnf file with v3 extensions.
Once the csr is generated open the file with text editor and copy the content fully and paste it in any CA site you wish.
WebSphere is a set of Java-based tools from IBM that allow customers to create and manage sophisticated business Web sites. The central WebSphere tool is ... Layman Learning Courses
ReplyDeleteVisit: www.laymanlearning.com Support; Query? +91-741-626-7887 ... Online Corporate IT training services. OnlineTraining | Corporate Training | Layman Learning.
Your post are awesome!!
ReplyDelete