we want to create a ssl self signed certificate, that we have it both on Apache and IIS , and also use linux and windows ce devices to connect to them , i followed many toturials but i cannt find the problem ,
i started with
openssl genrsa -out rootCA.key 2048
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256
but so many things are unclear to me, which file should i use for my apache server ? should i use rootCA.pem in my apache "SSLCertificatefile"? or i should pass them to my devices ?
should i generate a ".crt" for my server based on "rootCA.key" or should i have a new key ? and keep just "rootCA.key" for signing requests ?
and how to convert my linux ".pem" file to windows accepted format ?( conversion process with openssl is easy, but its not accepted by my windows ce client)
and with my devices i can get a connection with openssl lib on a linux device which is ok, but on windows ce device , nothing works
please some one explains to me how i should create it , thanks in advance its very confusing , so many toturials and so many small differences ,
You could use this oneliner:
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout example.key \
-out example.crt -subj "/CN=example.com" -days 365
The option -subj "/CN=example.com"
sets the certificate subject and prevents being prompted. in this case just sets the "common name" CN
to example.com
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.