Page History
...
Users have a choice to use CA-signed certificates and self-signed certificates:
- CA-signed certificates are issued by a know known and trusted Certificate Authority (CA).
- Self-signed certificates are created by the user and are not related to a known CA.
...
The article explains how to create self-signed certificates by use of OpenSSL. This utility ships with Linux and most Unix environments and is available for Windows environments. The below examples are focused on Unix.
Anchor | ||||
---|---|---|---|---|
|
...
Creating the Root CA Certificate
The first step includes to create the root-ca.key
private key file and the root-ca.crt
self-signed certificate file for the Root CA both in PEM format. This step is performed just once.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# step 1 Generate Certificate Authority (CA) Private Key openssl ecparam -name prime256v1 -genkey -noout -out root-ca.key # step 2: Generate Certificate Authority Certificate openssl req -new -x509 -sha256 -key root-ca.key -out root-ca.crt |
Anchor | ||||
---|---|---|---|---|
|
...
Creating a Server Certificate
For a given server the second step next steps includes to create a private key and Certificate Signing Request (CSR). The resulting server certificate will be signed.
...