Creating an SSL-certificate for my webserver

Fabio Laganà — Wed, 12 Nov 2008 10:13:39 +0000

#!/bin/sh
SERVER=ssl.mioserverweb.dominio
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
VALID_DAYS=365
 
echo Delete old private key
rm $PRIVATE_KEY
echo Create new private/public-keys without passphrase for server
openssl genrsa -out $PRIVATE_KEY 2048
 
echo Create selfsigned certificate
rm $CERTIFICATE_FILE
# From man req:
#  -x509
#    this option outputs a self signed certificate instead
#    of a certificate request. This is typically used to
#    generate a test certificate or a self signed root CA.
#    The extensions added to the certificate (if any) are
#    specified in the configuration file.
 
openssl req -new 
        -days $VALID_DAYS 
        -key $PRIVATE_KEY 
        -x509 
        -out $CERTIFICATE_FILE
 
echo private-keyfile is $PRIVATE_KEY
echo server-certificate-file is $CERTIFICATE_FILE
 
ls -l $PRIVATE_KEY $CERTIFICATE_FILE

Update Expired SSL Certs

Fabio Laganà — Wed, 29 Oct 2008 11:17:06 +0000

- Farsi una copia del vecchio certificato
cd /etc/ssl/certs
cp -ap pop3ss.pem pop3s.pem.scaduto
 
- Ricreazione nuovo certificato
cd /etc/ssl
openssl req -new -x509 -nodes -days 3650 -newkey rsa:1024 -keyout private/pop3s.key -out pop3s.cert
touch certs/pop3s-new.pem
chmod 600 certs/pop3s-new.pem
cat private/pop3s.key pop3s.cert > certs/pop3s-new.pem
dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
pico certs/pop3s-new.pem
chown vpopmail certs/pop3s-new.pem
cd certs
mv pop3s-new.pem pop3s.pem
 
-- rollback in caso qualcosa andasse storto --
mv pop3s.pem.scaduto pop3s.pem

fabiolagana.net » SSL

Creating an SSL-certificate for my webserver

Update Expired SSL Certs