How to Self-Sign an SSL Certificate

To self-sign SSL certificates using openssl, you will need to set up your own certificate authority using the following steps.

  • Generate a key for your certificate authority
    openssl genrsa -des3 -out server.key 2048
    
  • Remove the password from your server's key. This step is optional, but it is required for the Perl script below to work (the script runs openssl non-interactively, so it cannot enter a passphrase). Obviously you wouldn't do this to a real key that you had signed by a real certificate authority.
    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key
    
  • Generate a CSR for your certificate authority.
    openssl req -new -nodes -key server.key -out server.csr
    
  • Self-sign your certificate request. The result, server.crt, is your certificate authority's certificate.
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    
  • Now you can sign certificate requests. Here is an example for a CSR named test.csr:
    openssl x509 -req -days 365 -in test.csr -out test.crt -CA server.crt -CAkey server.key -set_serial 01
    
  • Optional: Add your certificate authority to your browser so you don't get a certificate warning when visiting your test site.

Here is a Perl CGI script that signs certificate requests pasted into a browser form. Passing a REST parameter returns the bare certificate with no HTML around it, which is convenient from curl.

#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

print "Content-type: text/html\n\n";

# Without the REST parameter, show the paste-in form and wrap the output in HTML.
unless (param('REST')) {

print <<HTML;

<html>
<body>

<form action="index.cgi" method=post>
Put your Certificate Request here:
<br/>
<textarea name="csr" cols="65" rows="22">
</textarea>
<br/>
How long do you want it for? <input type="text" name="days" value="365"> (days)
<br/>
<input type="submit" value="Sign It!"/>

</form>

HTML

}

if (param()) {
    my $csr  = param('csr')  || '';
    my $days = param('days') || '';
    # Keep only digits so $days is safe to interpolate into the command below;
    # fall back to a year if nothing usable was supplied.
    $days =~ s/[^\d]//g;
    $days = 365 unless length $days;

    # One file per request, named from the client address, PID and time so
    # that concurrent requests never overwrite each other.
    my $csr_file = "/full/path/to/a/directory/where/you/can/write/csr/files/" . $ENV{'REMOTE_ADDR'} . "." . $$ . "." . time() . ".csr";
    my $crt_file = $csr_file;
    $crt_file =~ s/\.csr$/.crt/;

    open CSR, ">", $csr_file or die $!;
    print CSR $csr;
    close CSR;

    # Sign the request with the CA built above. As in the command-line example,
    # every certificate issued here gets serial 01.
    `openssl x509 -req -days $days -in $csr_file -out $crt_file -CA /full/path/to/your/servers/crt/file/server.crt -CAkey /full/path/to/your/servers/key/file/server.key -set_serial 01`;

    print "<pre>\n" unless param('REST');

    # Send the signed certificate back to the client.
    open CRT, "<", $crt_file or die $!;
    while (<CRT>) {
      print $_;
    }
    close CRT;

    print "\n\n</pre>\n" unless param('REST');
}

print " </body> </html> " unless param('REST');
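The following script is an added example, not code from the original post. It runs the CA set-up steps above end to end and then performs the signing step the CGI script does, with two additions a practitioner would want: a pasted CSR is checked with openssl req -verify before it reaches the signing command, and serials are tracked in a server.srl file (-CAserial/-CAcreateserial) instead of the fixed -set_serial 01, so no two issued certificates share a serial number. The working directory passed as the first argument, the file names, and the subject names are assumptions; the CA key is created without a passphrase, which is the state the post's genrsa/rsa steps leave it in, and -subj answers the questions openssl req would otherwise ask interactively.

```shell
#!/bin/sh
# Added example, not from the original post. All files live under the
# directory given as $1 (an assumption); nothing outside it is touched.
set -eu

# Build the CA the way the post does, minus the interactive prompts.
make_test_ca() {
    dir="$1"
    mkdir -p "$dir"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -nodes -key "$dir/server.key" \
        -subj "/CN=Constructed Test CA" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # A throwaway host key and CSR, standing in for what a user would paste.
    openssl genrsa -out "$dir/test.key" 2048 2>/dev/null
    openssl req -new -key "$dir/test.key" -subj "/CN=test.example" \
        -out "$dir/test.csr" 2>/dev/null
}

# sign_csr DIR CSR DAYS OUT: issue a certificate from the CA in DIR.
# Returns 1, without running the signing command, if the CSR does not
# parse or its self-signature does not check out.
sign_csr() {
    dir="$1"; csr="$2"; days="$3"; out="$4"
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    # server.srl is created on first use and incremented on every issuance.
    openssl x509 -req -days "$days" -in "$csr" -out "$out" \
        -CA "$dir/server.crt" -CAkey "$dir/server.key" \
        -CAserial "$dir/server.srl" -CAcreateserial 2>/dev/null
}

# verify_cert DIR CERT: succeeds if CERT chains to the CA in DIR.
verify_cert() {
    openssl verify -CAfile "$1/server.crt" "$2" >/dev/null 2>&1
}

# cert_serial CERT: print the serial number as 'serial=...'.
cert_serial() {
    openssl x509 -noout -serial -in "$1"
}

main() {
    dir="$1"
    make_test_ca "$dir"
    sign_csr "$dir" "$dir/test.csr" 365 "$dir/test.crt"
    verify_cert "$dir" "$dir/test.crt" && echo "test.crt verifies against server.crt"
    cert_serial "$dir/test.crt"
    # A second issuance gets a different serial because of server.srl.
    sign_csr "$dir" "$dir/test.csr" 365 "$dir/test2.crt"
    cert_serial "$dir/test2.crt"
    # Garbage in the CSR slot is refused before openssl x509 ever runs.
    printf 'this is not a certificate request\n' > "$dir/bad.csr"
    if sign_csr "$dir" "$dir/bad.csr" 365 "$dir/bad.crt"; then
        echo "unexpected: bad.csr was signed"
    else
        echo "bad.csr rejected"
    fi
}

# Run the whole flow when a working directory is given, e.g.:
#   sh selfsign.sh /tmp/testca
if [ -n "${1:-}" ]; then
    main "$1"
fi
```

The req -verify check is the piece to lift into the CGI script before its backtick call: it rejects malformed input early, and because the file name is built by the script rather than the client, the only user-controlled value that reaches the shell is the digit-only day count.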
