Installing OpenSSL, Other Notes. Because: Security

I am in the process of setting up an SSL (Secure Sockets Layer) Cert to enable HTTPS on some sites and APIs I’m building. In that effort I needed to setup OpenSSL to create a CSR (Certificate Signing Request) and get the process started. Here’s the steps I went through to accomplish this. First download OpenSSL.

Next make sure you have the prerequisites installed:

  • make
  • Perl 5
  • ANSI C Compiler
  • Dev Environment  in form of dev libraries and C header files
  • Supported Unix Operating System (i.e. – not windows, you’ll have to google those directions separately, for these steps though, get a *nix OS)

Get the zipped contents of the OpenSSL into a working directory to build them. Then follow the standard config, make, and make install steps below.

make test
make install

Once you have that installed there are a number of actions you can perform. Here’s a few.

  • Create a CSR (Certificate Signing Request):
    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

    This creates a CSR.csr and privateKey.key file for use for SSL.

  • Create a self-signed certificate:
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

    Self signed certificates are great to use on local servers that are used internally, great for dev servers that need SSL, and similar reasons. For most dev needs there is no need to purchase an extra certificate for SSL, just generate one yourself and use it for development purposes.

  • Check a CSR:
    openssl req -text -noout -verify -in CSR.csr
  • Check a private key:
    openssl rsa -in privateKey.key -check
  • Check a cert:
    openssl x509 -in certificate.crt -text -noout
  • Generate a cert signing request from existing cert:
    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
  • Removing a pass key:
    openssl rsa -in privateKey.pem -out newPrivateKey.pem
  • Generate a CSR for an existing private key:
    openssl req -out CSR.csr -key privateKey.key -new

More to come in the near future. I’ve almost got this SSL mess straightened out and am putting together a more complete how-to.