To create a self-signed test certificate in Linux,
you can use the following command:
openssl req -new -x509 -key server.key -out server.crt
You can find the meaning of options in man page.
From 'man openssl':
openssl - OpenSSL command line tool
req X.509 Certificate Signing Request (CSR) Management.
From 'man req':
-new
this option generates a new certificate request. It will prompt the
user for the relevant field values. The actual fields prompted for
and their maximum and minimum sizes are specified in the
configuration file and any requested extensions.
If the -key option is not used it will generate a new RSA private
key using information specified in the configuration file.
-x509
this option outputs a self signed certificate instead of a
certificate request. This is typically used to generate a test
certificate or a self signed root CA. The extensions added to the
certificate (if any) are specified in the configuration file.
Unless specified using the set_serial option 0 will be used for the
serial number.
-key filename
This specifies the file to read the private key from. It also
accepts PKCS#8 format private keys for PEM format files.
-out filename
This specifies the output filename to write to or standard output
by default.
To create a self-signed test certificate with a CSR in Linux,
you can use the following command:
openssl req -in ../csr/cert.csr -x509 -key ../private_key/rsa/privkey.pem -out cacert.pem -days 1095
You can find the meaning of options in man page.
From 'man req':
-in filename
This specifies the input filename to read a request from or
standard input if this option is not specified. A request is only
read if the creation options (-new and -newkey) are not specified.
-days n
when the -x509 option is being used this specifies the number of
days to certify the certificate for. The default is 30 days.
Reference:
https://www.openssl.org/docs/HOWTO/certificates.txt
No comments:
Post a Comment