I am in the process of setting up an SSL (Secure Sockets Layer) Cert to enable HTTPS on some sites and APIs I’m building. In that effort I needed to setup OpenSSL to create a CSR (Certificate Signing Request) and get the process started. Here’s the steps I went through to accomplish this. First download OpenSSL.
Next make sure you have the prerequisites installed:
- Perl 5
- ANSI C Compiler
- Dev Environment in form of dev libraries and C header files
- Supported Unix Operating System (i.e. – not windows, you’ll have to google those directions separately, for these steps though, get a *nix OS)
Get the zipped contents of the OpenSSL into a working directory to build them. Then follow the standard config, make, and make install steps below.
Once you have that installed there are a number of actions you can perform. Here’s a few.
- Create a CSR (Certificate Signing Request):
[sourcecode language=”bash”]openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key[/sourcecode]
This creates a CSR.csr and privateKey.key file for use for SSL.
- Create a self-signed certificate:
[sourcecode language=”bash”]openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt[/sourcecode]
Self signed certificates are great to use on local servers that are used internally, great for dev servers that need SSL, and similar reasons. For most dev needs there is no need to purchase an extra certificate for SSL, just generate one yourself and use it for development purposes.
- Check a CSR:
[sourcecode language=”bash”]openssl req -text -noout -verify -in CSR.csr[/sourcecode]
- Check a private key:
[sourcecode language=”bash”]openssl rsa -in privateKey.key -check[/sourcecode]
- Check a cert:
[sourcecode language=”bash”]openssl x509 -in certificate.crt -text -noout[/sourcecode]
- Generate a cert signing request from existing cert:
[sourcecode language=”bash”]openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key[/sourcecode]
- Removing a pass key:
[sourcecode language=”bash”]openssl rsa -in privateKey.pem -out newPrivateKey.pem[/sourcecode]
- Generate a CSR for an existing private key:
[sourcecode language=”bash”]openssl req -out CSR.csr -key privateKey.key -new[/sourcecode]
More to come in the near future. I’ve almost got this SSL mess straightened out and am putting together a more complete how-to.