Self Signing Certificates

mikeyt_333 · 06-12-2002, 06:52 PM

I use certificates for accessing company email, so there is no need for a CA like verisign etc... However, I don't know jack about creating certs, and I have just discovered that all certs I create expire within 30 days, here is how I create them:

openssl req -new -key filename.key -x509 -out filename.crt

I found this in a howto. I have read the man pages and what little information is available on the openssl site, but I still don't understand how to create certificates. Can anybody shed some light?

Mike.

unSpawn · 06-13-2002, 01:59 AM

Add arguments like "-days $val" when you make the cert.
Also look at your ssl/ssleay/openssl.conf for default_days, it's under under crl extensions IIRC.

mikeyt_333 · 06-13-2002, 11:46 AM

Thanks for the info, I found it after I had posted the post. Can you recommend a good place for better howto's on certificates etc... Openssl's site doesn't have a single complete document, and the openssl help screens don't explain jack, and the man pages also are pretty cryptic. Is there a howto out there or maybe a book that explains in decent detail how to do things with openssl?

TIA
Mike.

unSpawn · 06-13-2002, 05:58 PM

You mean like http://www.google.com/search?q=openssl+howto ?
Hmm. Guess I got most of it tru the SSL docs, my apache-ssl tarball and the usual Apache-${insert_app_here}-SSL-HOWTO's.