First we have to generate a certificate signing request plus a private key.
(In the openssl.cnf file you can set default_bits = 4096, and the certificate will be a strong one.)
You will be asked for some information:

PEM pass phrase: - a long and secure (not a simple) password
Country Name: - a two-letter code for your country (Switzerland = CH; Netherlands = NL, …)
State or Province Name: - the province you live in (optional)
Locality Name: - the city you live in (optional)
Organization Name: - (optional)
Organizational Unit Name: - (optional)
Common Name: - the complete domain name for which you are creating the certificate, in this case "localhost". The correct entry is important, because the name chosen here is verified later!
Email Address: - (optional)
A challenge password: - you can ignore this attribute, because we will sign the certificate ourselves.
An optional company name: - (optional)

As the next step we remove the passphrase from the private key and save the result in a new file.
Finally we generate our own certificate. Usually this is done by a CA, but in our case we are our own CA.
> If you want to generate one certificate for multiple server names, this can be done with an additional "multidomain.cnf" file that already contains the needed information. This file can be included:
With the value -days 3650 the certificate is valid for 10 years. That should be enough.
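The three steps above (request plus key, passphrase removal, self-signing), written as one non-interactive script. This is an added example, not the original page's commands; the file names, the KEY_PASS environment variable, the -sha256 digest choice and the subjectAltName line written to multidomain.cnf are assumptions.

```shell
#!/bin/sh
# Added example. File names, KEY_PASS and the multidomain.cnf content
# are assumptions, not taken from the original page.

# make_selfsigned DIR BITS CN [EXTRA_NAME...]
# Reads the key passphrase from the exported variable KEY_PASS, so it
# does not show up in the process list or the shell history.
make_selfsigned() {
    dir=$1; bits=$2; cn=$3; shift 3
    ( umask 077    # everything written here is readable by the owner only
      mkdir -p "$dir" && cd "$dir" || exit 1

      # 1. Passphrase-protected private key plus certificate signing request.
      #    -subj answers the Country Name / Common Name prompts up front.
      openssl req -new -newkey "rsa:$bits" -keyout server.key.enc \
          -out server.csr -passout env:KEY_PASS \
          -subj "/C=CH/CN=$cn" || exit 1

      # 2. Copy of the key without the passphrase, saved in a new file.
      openssl rsa -in server.key.enc -passin env:KEY_PASS \
          -out server.key || exit 1

      # 3. Extension file that lists every server name the certificate covers.
      san="DNS:$cn"
      for n in "$@"; do san="$san,DNS:$n"; done
      printf 'subjectAltName = %s\n' "$san" > multidomain.cnf

      # 4. Sign the request with our own key: valid for 3650 days (10 years).
      openssl x509 -req -sha256 -days 3650 -in server.csr \
          -signkey server.key -extfile multidomain.cnf \
          -out server.crt || exit 1
    )
}

# cert_matches_key DIR: succeeds if server.crt carries server.key's public key.
cert_matches_key() {
    [ "$(openssl x509 -noout -pubkey -in "$1/server.crt")" = \
      "$(openssl pkey -pubout -in "$1/server.key")" ]
}

# cert_names DIR: prints the DNS names stored in the certificate.
cert_names() {
    openssl x509 -noout -text -in "$1/server.crt" \
        | grep -o 'DNS:[^, ]*' | tr '\n' ' '
}
```

After exporting KEY_PASS, call it as `make_selfsigned ./certs 4096 localhost`. Because server.key is no longer passphrase-protected, its file permissions are the only thing guarding it.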