self signed certificate

#sudo apt-get install gnutls-bin

1. certtool --generate-privkey --outfile server-ca-key.pem
2. certtool --generate-self-signed --load-privkey server-ca-key.pem --outfile server-ca-certificate.pem
…..
Common name: hostname.domain.example
The certificate will expire in (days): 3650
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint): -1
Will the certificate be used to sign other certificates? (y/N): y

3. certtool --generate-privkey --outfile server.key
4. certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate server-ca-certificate.pem --load-ca-privkey server-ca-key.pem

Common name: hostname.domain.example
The certificate will expire in (days): 3650
Will the certificate be used for signing (required for TLS)? (y/N): y
Will the certificate be used for encryption (not required for TLS)? (y/N): y

5. sudo install -D -o openldap -g openldap -m 600 server.crt /etc/ssl/certs/server.crt
6. sudo install -D -o openldap -g openldap -m 600 server.key /etc/ssl/certs/server.key
7. sudo install -o root -g root -m 644 server-ca-certificate.pem /etc/ssl/certs/server-ca-certificate.pem
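
Steps 1 to 4 run without prompts, as an added example that is not part of the original post: the answers given at steps 2 and 4 are written to certtool template files and passed with --template, then the server certificate is verified against the new CA. The CERT_CN variable, the .tmpl file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: certtool template files replace the interactive prompts.
# CERT_CN and the template file names are assumptions, not from the post.
CERT_CN="${CERT_CN:-hostname.domain.example}"

write_ca_template() {        # answers given at step 2
    cat > "$1" <<EOF
cn = "$CERT_CN"
expiration_days = 3650
ca
path_len = -1
cert_signing_key
EOF
}

write_server_template() {    # answers given at step 4
    cat > "$1" <<EOF
cn = "$CERT_CN"
expiration_days = 3650
signing_key
encryption_key
EOF
}

# Body runs in a subshell so set -e and umask do not leak to the caller.
generate_all() (
    set -e
    umask 077                # new key files are readable by the owner only
    write_ca_template ca.tmpl
    write_server_template server.tmpl
    certtool --generate-privkey --outfile server-ca-key.pem
    certtool --generate-self-signed --template ca.tmpl \
        --load-privkey server-ca-key.pem --outfile server-ca-certificate.pem
    certtool --generate-privkey --outfile server.key
    certtool --generate-certificate --template server.tmpl \
        --load-privkey server.key --outfile server.crt \
        --load-ca-certificate server-ca-certificate.pem \
        --load-ca-privkey server-ca-key.pem
    # Confirm server.crt chains to the new CA before installing it.
    certtool --verify --load-ca-certificate server-ca-certificate.pem \
        --infile server.crt
)

# Generate only when asked; otherwise the file just defines the functions.
if [ "${1:-}" = "generate" ]; then
    generate_all
fi
```

Run it as `sh script.sh generate` in an empty working directory, then continue with steps 5 to 7.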
