Introduction
Users can choose between CA-signed certificates and self-signed certificates:
- CA-signed certificates are issued by a known Certificate Authority (CA).
- Self-signed certificates are created by the user and are not related to a CA.
The two do not differ in the type of X.509 certificate, in their usage for Server Authentication / Client Authentication, or in the encryption of connections.
The article explains how to create self-signed certificates using OpenSSL. This utility ships with Linux and most Unix environments and is available for Windows environments. The examples below focus on Unix.
Create Root CA Certificate
The first step is to create a private key (root-ca.key) and a self-signed certificate (root-ca.crt) for the Root CA, both in PEM format. This step is performed just once.
...
Create Server Certificate
The second step is to create, for a given server, a private key and a certificate request (CSR). The resulting server certificate will be signed.
...
In order to run the script successfully, the following openssl-cert.config file has to be present. To create a server certificate, the commonName attribute has to be adjusted. The attribute holds
Replace the value of the commonName attribute with the hostname of the server for which the certificate should be created:
...
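The two steps above as one script, added here as an example; it is not the page's own script or configuration, whose contents are not shown. The stand-in config file example-cert.config, the per-host file names (HOST.key, HOST.csr, HOST.crt) and the subject name "Example Root CA" are assumptions. Besides commonName it sets subjectAltName, because current TLS clients match the hostname against the SAN rather than the commonName.

```shell
#!/bin/sh
# Added example, not the page's script. example-cert.config, the subject
# names and the per-host file names are assumptions.
set -eu
umask 077   # key files are created readable by their owner only

write_config() {   # $1 = directory, $2 = server hostname
    cat > "$1/example-cert.config" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
commonName = $2
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_root_ca() {   # step 1: skipped when the Root CA already exists
    if [ -f "$1/root-ca.key" ]; then return 0; fi
    openssl genrsa -out "$1/root-ca.key" 3072 2>/dev/null
    openssl req -x509 -new -sha256 -days 3650 -key "$1/root-ca.key" \
        -config "$1/example-cert.config" -subj "/CN=Example Root CA" \
        -extensions v3_ca -out "$1/root-ca.crt"
}

make_server_cert() {   # step 2: key, CSR and CA-signed certificate for host $2
    case $2 in ''|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; return 1 ;; esac
    write_config "$1" "$2"
    make_root_ca "$1"
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -key "$1/$2.key" -config "$1/example-cert.config" -out "$1/$2.csr"
    # x509 -req ignores CSR extensions by default, so the SAN comes from -extfile.
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -CA "$1/root-ca.crt" -CAkey "$1/root-ca.key" -CAcreateserial \
        -extfile "$1/example-cert.config" -extensions v3_server \
        -out "$1/$2.crt" 2>/dev/null
    # Check chain, server purpose and hostname (matched against the SAN).
    openssl verify -CAfile "$1/root-ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/$2.crt" >/dev/null
}

if [ $# -ge 2 ]; then make_server_cert "$1" "$2"; fi
```

Run it as sh SCRIPT DIRECTORY HOSTNAME; a second run with another hostname reuses the existing Root CA and issues only the new server certificate.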