Why ?
Certificate
can be self-singed or publicly singed , self-singed is singed by your server
only and no public trusted authority know this certificate, it is good to be
used for testing only, production servers/website services that may need a
certificate , you have to generate a request file to be signed by public known
authority and load the singed in your public website or service that may need
this certificate.
How ?
1- generate
a private key that will be used to generate a certificate request, this key is
important to be kept with you for future needed in case .
## with password:
openssl genrsa -des3 -out private.key
2048
## without password:
openssl genrsa -out
VISA_ACS1_PROD_Signing.key 2048
2- Create
the Certificate Singed Request:
openssl req -new -key
privkey.key -sha256 -out server.csr
If
this certificate will be singed by public authority , you have to share “server.csr”
and they will provide you a singed certiticate (mainly .csr or .crt ) file
3-
For Selef-Singed Certificate do the below, First generate a server certificate
that will act like private authority to singe the csr:
openssl x509 -req -days 1825
-in server.csr -signkey server.key -out server.crt
4- In many cases you may need to convert crt to
PEM format, use the below:
openssl x509 -in server.crt
-out server.pem -outform PEM
No comments:
Post a Comment