![]() sha256: Generate the certificate request using 265-bit SHA (Secure Hash Algorithm). RSA 2048 is the default on more recent versions of OpenSSL but to be sure of the key size, you should specify it during creation. newkey rsa:4096: Create a 4096 bit RSA key for use with the certificate. For more information, see man openssl in your terminal. ![]() There are many other options available, but these will create a basic certificate which will be good for a year. ![]() The following is a breakdown of the OpenSSL options used in this command. If this certificate will be passed on to a certificate authority for signing, the information needs to be as accurate as possible. ![]() Since a self-signed certificate won’t be used publicly, this information isn’t necessary. You will be prompted to add identifying information about your website or organization to the certificate. Here we’ll use /root/certs: su - rootĬreate the certificate: openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out M圜ertificate.crt -keyout MyKey.key That location will vary depending on your needs. Create the CertificateĬhange to the root user and change to the directory in which you want to create the certificate and key pair. If you intend to use your SSL certificate on a website, see our guide on enabling TLS for NGINX once you’ve completed the process outlined in this guide. Self-signed TLS certificates are suitable for personal use or for applications that are used internally within an organization.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |