Sunday, February 18, 2007

SSL Cheatsheet

Make OpenSSL as a CA

* I am using openssl that is part of cygwin.

cd openssl
mkdir demoCA/private

Step 1: Generate a key for the CA certificate - this should have a larger keysize as it secures all other certificates

openssl genrsa -des3 -out ./demoCA/private/cakey.pem 2048

----------------------------
Generating RSA private key, 2048 bit long modulus
..+++
................+++
e is 65537 (0x10001)
Enter pass phrase for ./demoCA/private/cakey.pem:
2968:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:849:You must
type in 4 to 1023 characters
Enter pass phrase for ./demoCA/private/cakey.pem:
Verifying - Enter pass phrase for ./demoCA/private/cakey.pem:
-------------------------------

My pass phrase is "changeme". You can choose anything.



No comments: