generating self signed certificate with openSSL

Hi

All you people might know what is SSL and why should we use SSL? But few of people know only how to configure SSL for nginx server.

What is SSL?

SSL means secure socket layer which will work on application layer of TCP/IP network model. It will be used for secure communication between two computers.

How SSL works ?

SSL uses asymmetric cryptography ( public key cryptography). It generates two keys. 1) public key and 2) private key. By using these two keys data encryption and decryption done.

Why SSL certificate?

SSL certificate would be used to that the server your communicating is genuine or not.

Now to generate certificate we have many tools available. Among them openSSL is one tool. After certificate generation has done we have signed that certificate with CA ( certificate Authority like Thawte) or we can generate self signed certificate for testing purpose. Here is the steps to follow for self signed certificate:

1)  Generate a Private Key :

 openssl genrsa -des3 -out server.key 1024 # generates private key using RSA algorithm of length 1024

2)  Generate a CSR (Certificate Signing Request)


openssl req -new -key server.key -out server.csr

3)  Remove Passphrase from Key


cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

4) Generating a Self-Signed Certificate


openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now you have self signed certificate on your hand. Now we have to configure this certificate with nginx webserver. Proir to the installation we have configure ssl module for your nginx server. After that copy .crt file and .key files into appropriate locations.

Now how we will came to know whether SSL properly configured or not. To verify, access your website and observer there would be one lock will be appear on the status bar of the web browser. Nothing to worry if it will say not authorized certificate because the certificate is self signed. Click on the lock symbol and you will the certificate.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s