Creating a new SSL certificates.

Creating a new SSL certificates:
1. If it is missing, you will have to create a new one key.
root# openssl genrsa -out filename.key 1024

2. Create a CSR
root# openssl req -new -key filename.key -out filename.csr

3. Remove pass-phrase from a keyIf you don’t have pass-phrase don’t do it.
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp filename.key
openssl rsa -in -out filename.key

4. Generating the certificate/Self-Signed certificate
root# openssl x509 -req -days 730 -in filename.csr -signkey filename.key -out filename.crt

5. Make it into the .pem format
root# cat filename.key filename.crt > filename.pem

One thought on “Creating a new SSL certificates.”

  1. Also you it can be done this way:

    openssl genrsa 1024 > anything.key
    chmod 400 anything.key
    openssl req -new -x509 -nodes -sha1 -days 365 -key anything.key > anything.cert

    Now that you’ve created the key and cert file you need to concatenate the two files into a .pem file with this command, private key first, then cert. You can also remove the .key file for security purposes in the same command.

    cat anything.key anything.cert > anything.pem && rm anything.key
    chmod 400 anything.pem

    Once you’ve created the .pem file you need to rename it to “mobility.pem” and then replace it with the mobility.pem file in /var/lib/datasync/device.
    WinMobile devices require a .cer certificate file (as opposted to .pem). You’ll need to create a copy of the .pem file and convert it to .cer:

    openssl x509 -in mobility.pem -inform PEM -out mobility.der -outform DER

Leave a Reply

Your email address will not be published. Required fields are marked *