How to Self-Sign an SSL Certificate

To self-sign SSL certificates using openssl, you will need to set up your own certificate authority using the following steps.

  • Generate a key for your certificate authority
    openssl genrsa -des3 -out server.key 2048
    
  • Remove the password from your server's key. This step is optional, but is required to get the below Perl script to work. Obviously you wouldn't do this to a real key that you had signed by a real certificate authority.
    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key
    
  • Generate a CSR for your certificate authority.
    openssl req -new -nodes -key server.key -out server.csr
    
  • Sign your certificate request
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    
  • Now you can sign certificate requests. Here is an example for a CSR named test.csr
    openssl x509 -req -days 365 -in test.csr -out test.crt -CA server.crt -CAkey server.key -set_serial 01
    
  • Optional: Add your certificate authority to your browser so you don't get a certificate warning when visiting your test site.
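
The steps above as one non-interactive script, added here as an example and not taken from the original post. It goes slightly beyond the page's commands: the CA certificate is marked CA:TRUE, the signed certificate gets a subjectAltName and a random serial instead of the fixed 01, and the result is checked with openssl verify. The function name issue_test_cert, the subject "Test CA" and the hostname argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Hypothetical names:
# issue_test_cert, the "Test CA" subject and the host passed as $2.
set -eu

issue_test_cert() {
    dir=$1; host=$2
    mkdir -p "$dir"
    (
        cd "$dir" && umask 077 &&   # private keys readable by the owner only

        # CA key, CSR and self-signed CA certificate (the page's first steps).
        # No -des3: the page removes the passphrase again in its second step.
        openssl genrsa -out server.key 2048 &&
        openssl req -new -nodes -key server.key -out server.csr \
            -subj "/CN=Test CA" &&
        printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > ca.ext &&
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -out server.crt -extfile ca.ext &&

        # A site key and CSR standing in for the page's test.csr.
        openssl genrsa -out test.key 2048 &&
        openssl req -new -nodes -key test.key -out test.csr -subj "/CN=$host" &&

        # Sign the request with the CA. A random 128-bit serial replaces the
        # fixed 01, so two certificates from this CA never share a serial.
        printf '%s\n' 'basicConstraints=CA:FALSE' \
            "subjectAltName=DNS:$host" > test.ext &&
        openssl x509 -req -days 365 -in test.csr -out test.crt \
            -CA server.crt -CAkey server.key \
            -set_serial "0x$(openssl rand -hex 16)" -extfile test.ext &&

        # Check that test.crt chains to the new CA before installing anything.
        openssl verify -CAfile server.crt test.crt
    )
}

# Usage: sh make-ca.sh <directory> <hostname>
[ $# -eq 0 ] || issue_test_cert "$@"
```
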

Here is a Perl CGI script that will sign certificates from a browser.

#!/usr/bin/perl

use CGI qw(:standard);

print "Content-type: text/html\n\n";

unless (param('REST')) {

print <<HTML;

<html>
<body>

<form action="index.cgi" method=post>
Put your Certificate Request here:
<br/>
<textarea name="csr" cols="65" rows="22">
</textarea>
<br/>
How long you want it for? <input type="text" name="days" value="365"> (days)
<br/>
<input type="submit" value="Sign It!"/>

</form>

HTML

}

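if (param()) {
    my $csr  = param('csr');
    my $days = param('days') // '';
    $days =~ s/[^\d]//g;
    $days = 365 unless length $days;    # fall back to the form's default if no digits were sent

    my $csr_file = "/full/path/to/a/directory/where/you/can/write/csr/files/" . $ENV{'REMOTE_ADDR'} . "." . $$ . "." . time() . ".csr";
    my $crt_file = $csr_file;
    $crt_file =~ s/\.csr$/.crt/;        # swap only the extension at the end of the path

    open my $csr_fh, ">", $csr_file or die $!;
    print $csr_fh $csr;
    close $csr_fh;

    # List-form system() runs openssl directly, so no shell parses the arguments.
    # Note that every certificate issued here gets serial 01.
    system("openssl", "x509", "-req", "-days", $days, "-in", $csr_file, "-out", $crt_file,
           "-CA", "/full/path/to/your/servers/crt/file/server.crt",
           "-CAkey", "/full/path/to/your/servers/key/file/server.key",
           "-set_serial", "01") == 0 or die "openssl failed: $?";

    print "<pre>\n" unless param('REST');

    # Send the signed certificate back to the client.
    open my $crt_fh, "<", $crt_file or die $!;
    while (<$crt_fh>) {
      print $_;
    }
    close $crt_fh;

    print "\n\n</pre>\n" unless param('REST');
}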

print " </body> </html> " unless param('REST');
