Register with CAcert and request a certificate

To get started with certificates, we need to generate an RSA key and an X.509 certificate.

The OpenSSL way

The traditional OpenSSL way is quite long and tedious:

Generate a private RSA key (-des3 encrypts it with a passphrase):

$ openssl genrsa -des3 -out rsa.key 2048

Generate a CSR (Certificate Signing Request):

$ openssl req -new -key rsa.key -out rsa_key.csr

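Remove the passphrase. Despite its name, rsa_key_no_passphrase is the copy that keeps the passphrase; rsa.key is rewritten without one, so keep that file readable only by its owner:

$ cp rsa.key rsa_key_no_passphrase
$ openssl rsa -in rsa_key_no_passphrase -out rsa.key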

Generate a self-signed certificate:

$ openssl x509 -req -days 365 -in rsa_key.csr -signkey rsa.key -out rsa.crt

All this is quite tedious, and it does not give you access to a real certificate authority, which offers more:

  • The ability to sign and authenticate your keys publicly.
  • The ability to revoke your certificates on the Internet.
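
The checks below are an added example, not part of the original page. They confirm what the four OpenSSL steps produced: rsa.key, rsa_key.csr and rsa.crt share one public key, the certificate is its own issuer, and the passphrase-less key is not accessible to group or others. The function names, the /CN=example.test subject and the pass:constructed passphrase are assumptions, chosen so the steps run without prompts.

```sh
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# function names, the subject and the passphrase are constructed for the demo.

# SHA-256 over the DER public key held in a private key, CSR or certificate.
pubkey_digest() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null </dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *) return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# True when key, CSR and certificate all carry the same public key.
same_keypair() {  # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_digest key "$1") && [ -n "$k" ] &&
        [ "$k" = "$(pubkey_digest csr "$2")" ] &&
        [ "$k" = "$(pubkey_digest crt "$3")" ]
}

# True when the certificate names itself as issuer: no CA vouches for it.
is_self_issued() {  # $1 = crt
    s=$(openssl x509 -in "$1" -noout -subject_hash) &&
        [ "$s" = "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when group and others have no access to the passphrase-less key.
key_is_private() {  # $1 = key
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Run the page's four steps non-interactively inside directory $1.
make_files() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -des3 -passout pass:constructed -out rsa.key 2048 &&
      openssl req -new -key rsa.key -passin pass:constructed \
          -subj "/CN=example.test" -out rsa_key.csr &&
      cp rsa.key rsa_key_no_passphrase &&
      openssl rsa -in rsa_key_no_passphrase -passin pass:constructed -out rsa.key &&
      openssl x509 -req -days 365 -in rsa_key.csr -signkey rsa.key -out rsa.crt
    ) >/dev/null 2>&1
}
```

After running the page's own commands, source this file and call same_keypair rsa.key rsa_key.csr rsa.crt, is_self_issued rsa.crt and key_is_private rsa.key; each returns 0 when the check holds.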

The CAcert way

CAcert.org, which offers all of this, is managed by individuals.
Creating self-signed certificates is much easier with CAcert.org.

In short, the process is as follows:

  • Register at CAcert.org.
  • Register an email address.
  • Validate your email address. This is done by receiving an email.
  • Enter your domain name.
  • Validate your domain name. This is done by receiving an email.