@ArturDorochowicz
Last active March 31, 2020 19:33
Creating SSL certificates with OpenSSL and other notes on creating certificates.

SSL Certificate with OpenSSL

Create self-signed root certificate

http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php
http://www.freebsdmadeeasy.com/tutorials/web-server/apache-ssl-certs.php

Set up directory structure for CA and configure openssl.cnf.

Set the OPENSSL_CONF environment variable as an alternative to specifying the -config argument each time.

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout my-ca.key.pem -out my-ca.cer.pem -config openssl.cnf

Create SSL certificate

Common Name is the domain.

openssl req -new -nodes -keyout www-example-com.key.pem -out www-example-com.req.pem -config openssl.cnf

Sign the request with the CA.

openssl ca -days 1095 -in www-example-com.req.pem -out www-example-com.cer.pem -config openssl.cnf
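
The CA steps above leave the directory layout and openssl.cnf unspecified. The script below is an added example, not part of the original gist, showing a minimal layout and config with which the three commands run end to end and the issued certificate verifies against the root. Assumptions: the temporary directory, the subject names, the section names policy_any, req_dn and server_cert, the subjectAltName entry, and the -nodes, -subj and -batch flags, which are there only to keep the run non-interactive.

```shell
# Added example: throwaway CA; paths, subjects and config are constructed.
set -eu

build_demo_ca() {
  d=$1
  mkdir -p "$d/newcerts"
  : > "$d/index.txt"        # database of issued certificates
  echo 1000 > "$d/serial"   # next serial number (hex)
  cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/my-ca.cer.pem
private_key = $d/my-ca.key.pem
default_md = sha256
policy = policy_any
x509_extensions = server_cert
[ policy_any ]
commonName = supplied
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ server_cert ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.com
EOF
  export OPENSSL_CONF="$d/openssl.cnf"   # instead of -config on every call
  # -nodes and -subj keep the demo non-interactive; a real CA key keeps its passphrase.
  openssl req -new -x509 -days 3650 -extensions v3_ca -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/my-ca.key.pem" -out "$d/my-ca.cer.pem"
  openssl req -new -nodes -subj "/CN=www.example.com" \
    -keyout "$d/www-example-com.key.pem" -out "$d/www-example-com.req.pem"
  openssl ca -batch -days 1095 -in "$d/www-example-com.req.pem" -out "$d/www-example-com.cer.pem"
  # Confirm the issued certificate chains to the root.
  openssl verify -CAfile "$d/my-ca.cer.pem" "$d/www-example-com.cer.pem"
}

demo_dir=$(mktemp -d)
build_demo_ca "$demo_dir"
```

After a successful run, index.txt holds one valid (V) entry and serial has advanced to 1001, which is how openssl ca tracks what the CA has issued.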

Install to Apache

Since the CA certificate is self-signed, Apache needs to serve the CA certificate in addition to the site certificate.

SSLCACertificateFile

Other

Converting .pem to .cer

openssl x509 -outform der -in myCert.cer.pem -out myCert.cer

Converting .pem to .pfx

openssl pkcs12 -inkey myCert.key.pem -in myCert.cer.pem -export -out myCert.pfx

Generate new key pair for SSH

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.pem -out myCert.pem

Create self-signed root certificate

http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx#bkmk_VPNCertificates

makecert -sky exchange -r -n "CN=My Root CA" -pe -a sha1 -len 2048 -ss My "My Root Ca.cer"

Create certificate

http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx#bkmk_VPNCertificates

makecert.exe -n "CN=name-on-cert" -pe -sky exchange -m 96 -ss My -in "My Root CA" -is my -a sha1

Converting .pfx to Putty .ppk

http://charles-blog.appspot.com/tag/pkcs12

Export the private key file from the .pfx file

openssl.exe pkcs12 -in myCert.pfx -nocerts -out myPrivateKey.pem

Import .pem into Puttygen and save as .ppk.

Remove passphrase from the key

Remove the passphrase from the private key.

openssl.exe rsa -in myPrivateKey.pem -out myPrivateKeyWithoutPass.pem

Add passphrase.

openssl.exe rsa -des3 -in myPrivateKey.pem -out myPrivateKeyPass.pem