Creating a new SSL certificates:
1. If it is missing, you will have to create a new one key.
root# openssl genrsa -out filename.key 1024
2. Create a CSR
root# openssl req -new -key filename.key -out filename.csr
3. Remove pass-phrase from a key – If you don’t have pass-phrase don’t do it.
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:
cp filename.key filename.key.org
openssl rsa -in filename.key.org -out filename.key
4. Generating the certificate/Self-Signed certificate
root# openssl x509 -req -days 730 -in filename.csr -signkey filename.key -out filename.crt
5. Make it into the .pem format
root# cat filename.key filename.crt > filename.pem
One thought on “Creating a new SSL certificates.”
Also you it can be done this way:
openssl genrsa 1024 > anything.key
chmod 400 anything.key
openssl req -new -x509 -nodes -sha1 -days 365 -key anything.key > anything.cert
Now that you’ve created the key and cert file you need to concatenate the two files into a .pem file with this command, private key first, then cert. You can also remove the .key file for security purposes in the same command.
cat anything.key anything.cert > anything.pem && rm anything.key
chmod 400 anything.pem
Once you’ve created the .pem file you need to rename it to “mobility.pem” and then replace it with the mobility.pem file in /var/lib/datasync/device.
WinMobile devices require a .cer certificate file (as opposted to .pem). You’ll need to create a copy of the .pem file and convert it to .cer:
openssl x509 -in mobility.pem -inform PEM -out mobility.der -outform DER