Thursday, April 4, 2013

How To Create A SSL Self-Signed Certificate, One-Liner

You'll need to change the values inside the -subj variable to suit your needs.
/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout server.key -out server.cert -days 365 -nodes -subj "/C=$countryCode/ST=$state/L=$location/O=$organization/OU=$orgUnit/CN=$hostname"
Just a note, on 32-bit systems, OpenSSLs' use of time_t routine to calculate the epoch is limited to the year 2038 so your -days variable cannot exceed this date or the cert expiration will roll back in time and already be expired. 64-bit systems are not hindered with this limitation.

No comments:

Post a Comment