GENERATE AN OPENSSL CERTIFICATE REQUEST WITH SHA256 SIGNATURE

http://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/

1. Generate a SSL Key File

Firstly you will need to generate a key  file. The example below will generate a 2048 bit key file with a SHA-256 signature.

openssl genrsa -out key_name.key 2048 

If you want extra security you could increase the bit lengths.

openssl genrsa -out key_name.key 4096

** Please note that both these examples will not add a password to the key file. To do that you will need to add -des3 to the command.

2. Create a Certificate Signing Request (CSR)

 This step will create the actually request file that you will submit to the Certificate Authority (CA) of your choice.

openssl req -out CSR.csr -key key_name.key -new -sha256

You can check that your Certificate Signing Request (CSR) has the correct signature by running the following.

openssl req -in CSR.csr -noout -text

It should display the following if the signature is correct.

Signature Algorithm: sha256WithRSAEncryption

3. Install the Certificate (CRT)

This step is very dependant of the software you use and I won’t really cover. All I will say is that these certificates are supported by a multitude of software, including Apache HTTPD and NGINX.

4. Test your installed Certificate

This step is extremely important and will show you any security problems with your SSL configuration.

Qualys have a free hosted service that tests the SSL configuration of Internet facing web servers for SSL issues. The sites tested are rated from A to F, and a report is generated. This report is really useful for tuning your SSL configuration.

https://www.ssllabs.com/

The SSL Labs tests are regularly updated when new issues are discovered. This means that if your server is rated as A today, next week it maybe rated as C.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值