We have some web servers and I want to create self-signed certificates for
them.
What I want:
- I want to create my own certification authority keys and
certificate, that will be imported to all web browsers of our employees
- I want to create certificates that will be signed by my own
certification authority (previous step) and include them in the
apache/httpd configuration. I don't want our employees to be warned that
the certificate is not trusted (I cannot buy a REAL trusted certificate)
Reading the FAQ here http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29,
reading CA.pl from openssl-perl and discussions on the Internet for 2 days
gave me these steps, which I have already performed:
1) creating my own CA:
openssl genrsa -des3 -out ca.key 1024
openssl rsa -in ca.key -out ca.key.unsecure
mv ca.key.unsecure ca.key
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
2) creating my own server key and certification request:
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.unsecure
mv server.key.unsecure server.key
openssl req -new -key server.key -out server.csr
3) signing the request by my own CA (see step 1):
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out server.crt
4) I have imported the ca.crt into the web browser
5) the server.key and server.crt were included in the apache/httpd
configuration
After these steps the web page looks secured and no warning appears when I
enter the page.
Question:
---------------
Do you see anything bad about these steps, or can you please recommend
any further steps in order to do things properly?
Best regards
Tomas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
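
The CA / request / sign sequence from the message above, as an added example that is not part of the original post: shell functions that run the same steps with 3072- and 2048-bit keys, SHA-256, a passphrase-protected CA key, CA:TRUE on the CA certificate and a subjectAltName on the server certificate, then check the chain with openssl verify. The host name intranet.example.test, the CA name, the *.cnf file names and the CA_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private CA + server certificate, then chain verification.
# Constructed values: "Example Internal CA", the host name passed in, CA_PASS.
set -eu

make_ca() {   # writes ca.key (AES-256 encrypted) and ca.crt into $PWD
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # The CA key stays encrypted on disk; the passphrase is read from $CA_PASS.
    (umask 077; openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 3072 2>/dev/null)
    openssl req -new -x509 -sha256 -days 1825 -config ca.cnf \
        -key ca.key -passin env:CA_PASS -out ca.crt
}

issue_server_cert() {   # $1 = DNS name the browsers will use for the server
    cat > server.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $1
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$1
EOF
    # Server key is left unencrypted so httpd can start unattended; restrict its mode.
    (umask 077; openssl genrsa -out server.key 2048 2>/dev/null)
    openssl req -new -sha256 -config server.cnf -key server.key -out server.csr
    openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
        -passin env:CA_PASS -CAcreateserial -extfile server.cnf \
        -extensions v3_server -out server.crt
}

check_chain() {   # succeeds only if server.crt chains to ca.crt and matches host $1
    openssl verify -CAfile ca.crt -verify_hostname "$1" server.crt >/dev/null
}
```

Only ca.crt is imported into the browsers; ca.key never needs to leave the machine where certificates are signed.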