Friday, July 22, 2016

Creating CSR with modern cryptography

I had a post regarding SSL installation at http://jettyapplicationserver.blogspot.com/2015/04/applying-ssl-certificate-to-nginx.html but the procedure on CSR generation is outdated. If you want to protect your website with modern cryptography, you may find this post useful.

By the way, in Chrome you may click the pad lock icon at the address bar to know about a website's SSL connection details.


In this example we will generate a private key named sudo2016.key and CSR file named sudo2016.csr. For your purpose, rename the file names with the names you desire.


Generate an RSA Key

openssl genrsa -out sudo2016.key 4096


Generate CSR

openssl req -out sudo2016.csr -key sudo2016.key -new -sha256


Pre-SSL Certificate Generation

The contents of the CSR will be supplied to the SSL provider. The SSL Provider will generate a number of certificates for you. 

In Name.com, they provide three certificates: Server Certificate, CA Certificate and the Root Certificate.

Different Web Servers have different ways of installing SSL certificates. Usually, the SSL Providers give instruction for every Web Servers.





No comments:

Post a Comment