Friday, May 17, 2013

Creating SSL/HTTPS Certificate Request with OpenSSL

Sometimes we need to launch a simple HTTPS website, either for security reasons or simply for testing purposes.

Here are some simple steps to get an SSL certificate for your website:

Step 1: Download and Install OpenSSL from http://www.openssl.org/

Step 2: Open command prompt (if you are using Windows)

Step 3: Run: openssl genrsa -des3 -out server.key 2048
If you see an "openssl.cnf not found" error, run this command first:
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

Step 4: Run: openssl req -new -key server.key -out server.csr
You will now have server.key and server.csr in your OpenSSL bin folder. server.key is your private key, while server.csr is used to request the certificate from the Certificate Authority. The complete session looks like this:

C:\OpenSSL-Win32\bin>set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

C:\OpenSSL-Win32\bin>openssl genrsa -des3 -out server.key 2048
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
.......................+++
...........................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

C:\OpenSSL-Win32\bin>openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SG
State or Province Name (full name) [Some-State]:Singapore
Locality Name (eg, city) []:Singapore
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home Pte Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:terranspot.com
Email Address []:administrator@terranspot.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


Step 5: Buy the SSL certificate (e.g. www.namecheap.com)

Step 6: Submit your server.csr file and you will receive server.cer, which is your SSL certificate.
You will need server.key, server.csr and server.cer if you are using the Apache web server.
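
Before submitting server.csr in Step 6, it is worth checking that the request is well formed and really belongs to server.key. The following is an added example, not part of the original post: a POSIX shell sketch whose function names (make_csr, check_csr), the KEY_PASS environment variable holding the pass phrase, and the example.test hostname are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-submission checks for the files from Steps 3 and 4.
# The pass phrase is read from the KEY_PASS environment variable (an
# assumption of this example) so nothing is typed interactively.

# make_csr KEY CSR CN: non-interactive form of Steps 3 and 4.
make_csr() {
    openssl genrsa -des3 -passout env:KEY_PASS -out "$1" 2048 2>/dev/null &&
    openssl req -new -key "$1" -passin env:KEY_PASS \
        -subj "/C=SG/O=Constructed Example/CN=$3" -out "$2" 2>/dev/null
}

# check_csr KEY CSR EXPECTED_CN: prints one line, returns 0 only if all pass.
check_csr() {
    key=$1 csr=$2 want_cn=$3

    # 1. The request's self-signature must verify. Match on the message,
    #    because older OpenSSL releases exit 0 even on a verify failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify"; return 1; }

    # 2. The public key in the request must be the one in the key file,
    #    otherwise the issued certificate will not work with that key.
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key"; return 1; }
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ "$key_pub" = "$csr_pub" ] ||
        { echo "FAIL: CSR was not made from this key"; return 1; }

    # 3. The Common Name must be the hostname the certificate is for.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
    subject=${subject#subject=}; subject=${subject# }
    case ",$subject," in
        *",CN=$want_cn,"*) ;;
        *) echo "FAIL: CN mismatch in $subject"; return 1 ;;
    esac

    echo "OK: $subject"
}
```

With KEY_PASS exported, `check_csr server.key server.csr terranspot.com` would run the same checks against the files produced in the session above.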