Tuesday, September 1, 2009

Self-signed Digital Certificate

I am currently tinkering with a new pet project. I need a self generated cert for my experiment. I've created a cert using Microsoft's CA offering but it turns out that it is easier to use OpenSSL which is native to Ubuntu. The first step is creating a private key.

commandrine@bridge:~$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............................................++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
commandrine@bridge:~$

Next step is generating the test cert.

commandrine@bridge:~$ openssl req -new -x509 -key server.key -out cacert.pem -days 1095
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SG
State or Province Name (full name) [Some-State]:Singapore
Locality Name (eg, city) []:Singapore
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Security Republic
Organizational Unit Name (eg, section) []:Information Security
Common Name (eg, YOUR name) []:commandrine
Email Address []:commandrine@gmail.com
commandrine@bridge:~$

Hmmmm. Turns out that IIS only accepts PKCS format certs. Had to convert my cert before I could import it.

commandrine@bridge:~$ openssl pkcs12 -export -passout pass:"testing" -inkey server.key -in cacert.pem -out cacert.p12 -name "cacert"
Enter pass phrase for server.key:
commandrine@bridge:~$

No comments:

Post a Comment