New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Generating a CSR code for SSL cert
I bought a couple of Comodo PositiveSSL certs, for a dollar, a while back (last year) and figured I would try one out. Unfortunately I can't find the research I did on generating CSRs.
I have a bash script that generates "non-trusted" certs for my VPSes, which I created the CA.cfg for, but It has been so long that I have forgotten the requirements , so can anyone point me to a good guide
thanks
Comments
There is a guide on linode that could be useful for you. Would link it but its a pain on my phone
openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key
If you're only generating key/CSR for external CA to sign, you don't need CA.cfg or anything complicated.
beautiful, I love it when things are stupid simple (it means they're made specially for me )
Thanks
And make sure you save the
.key
file in a proper place. Lost or stolen or overwritten cost you money.I use https://www.digicert.com/easy-csr/openssl.htm to generate openssl command line.
Keep in mind the need to use SHA-256 if the certificate will be used beyond the end of 2015.
Some references:
http://googleonlinesecurity.blogspot.tw/2014/09/gradually-sunsetting-sha-1.html
https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
Or you can use this nifty little tool: https://csrgenerator.com
$1,-. where?
NameCheap.com when purchasing a domain.
https://www.linode.com/docs/security/ssl/ssl-certificates-with-apache-2-on-centos-5-6
Keep in mind, in this case a third party will have your private key, which makes the entire thing (potentially) insecure.
It's an open source tool available on GitHub, though. You can fork it and use it yourself, or on your own web server.
I was referring to the mentioned website.