Hi all,

My question asked earlier and helpfully answered by Jim Fox opened a whole can of worms for me. Googling around I found no two sites that to my untrained eye seem to do these steps in the same way. So I borrowed a few bits and pieces here and there and came up with these very newbie steps to create a local mini-CA (think that's the term) which will be used to sign a certificate for a local server to test secure web & mail.

Would anyone in the know please be so kind to tell me if these steps are correct and if not rectify them? If you feel generous please enlighten me how I can add to the server certificate a second hostname with SubjectAltNames :)
# generate CA private key, AES256 & 4096 length
$ openssl genrsa -aes256 -out ca_private.key 4096

# generate the CA's public key
$ openssl req -new -x509 -days 365 -key ca_private.key \
    -out ca_public.crt

# generate an unsigned server key
$ openssl genrsa -aes256 -out server_private.key 4096

# generate the server's certificate signing request
$ openssl req -new -key server_private.key -out server_private.csr

# sign the CSR with the self-created/self-signed CA
$ openssl x509 -req -days 365 -in server_private.csr -CA ca_public.crt \
    -CAkey ca_private.key -set_serial 01 -out server_public.crt

Your feedback is much appreciated.

Regards,
Patrick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
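
The steps in the post above, carried through as one non-interactive script with a second hostname added through subjectAltName; this is an added example, not part of the original post. The hostnames, the passphrase and the ca.cnf and san.ext file names are assumptions made for illustration, and the SAN list is supplied at signing time with -extfile.

```shell
#!/bin/sh
# Added example: local test CA and a server certificate with two SAN hostnames.
# Hostnames, passphrase and the ca.cnf / san.ext file names are constructed.

make_test_cert() (
    set -e
    dir=$1 bits=${2:-4096} pass=${3:-test-only-passphrase}
    host1=${4:-server.example.test} host2=${5:-mail.example.test}
    umask 077                       # keep private keys unreadable to others
    mkdir -p "$dir"; cd "$dir"

    # Minimal config so the CA certificate is explicitly marked as a CA.
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Extensions for the server certificate: SANs are set at signing time.
    cat > san.ext <<EOF
subjectAltName = DNS:$host1, DNS:$host2
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF

    openssl genrsa -aes256 -passout "pass:$pass" -out ca_private.key "$bits"
    openssl req -new -x509 -days 365 -config ca.cnf \
        -key ca_private.key -passin "pass:$pass" -out ca_public.crt
    openssl genrsa -aes256 -passout "pass:$pass" -out server_private.key "$bits"
    openssl req -new -config ca.cnf -subj "/CN=$host1" \
        -key server_private.key -passin "pass:$pass" -out server_private.csr
    openssl x509 -req -days 365 -in server_private.csr \
        -CA ca_public.crt -CAkey ca_private.key -passin "pass:$pass" \
        -set_serial 01 -extfile san.ext -out server_public.crt

    # Exit status of the function is the chain verification result.
    openssl verify -CAfile ca_public.crt server_public.crt
)

# Run as: sh script.sh run [directory]
if [ "${1:-}" = "run" ]; then make_test_cert "${2:-./test-ca}"; fi
```

A passphrase given as pass:... is visible in the process list, so this form suits a throwaway test CA only; dropping the -passout and -passin options restores the interactive prompts used in the post.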