It's recommended to use req rather than x509 to create self-signed certificates
This commit is contained in:
Richard Levitte
parent
4ce4884a5b
commit
8152d88799
1 changed files with 4 additions and 6 deletions
|
|
@ -71,13 +71,11 @@ received.
|
||||||
If you don't want to deal with another certificate authority, or just
|
If you don't want to deal with another certificate authority, or just
|
||||||
want to create a test certificate for yourself, or are setting up a
|
want to create a test certificate for yourself, or are setting up a
|
||||||
certificate authority of your own, you may want to make the requested
|
certificate authority of your own, you may want to make the requested
|
||||||
certificate a self-signed one. If you have created a certificate
|
certificate a self-signed one. This is similar to creating a
|
||||||
request as shown above, you can sign it using the 'openssl x509'
|
certificate request, but creates a certificate instead of a
|
||||||
command, for example like this (to create a self-signed CA
|
certificate request (1095 is 3 years):
|
||||||
certificate):
|
|
||||||
|
|
||||||
openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
|
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
|
||||||
-signkey privkey.pem -out cacert.pem -trustout
|
|
||||||
|
|
||||||
|
|
||||||
5. What to do with the certificate
|
5. What to do with the certificate
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue