Skip to Main Content
Linux Security Cookbook
book

Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Intermediate to advanced content levelIntermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.
Content preview from Linux Security Cookbook

4.7. Generating an SSL Certificate Signing Request (CSR)

Problem

You want to obtain an SSL certificate from a trusted certifying authority (CA).

Solution

Generate a Certificate Signing Request (CSR):

               Red Hat:
$ make -f /usr/share/ssl/certs/Makefile filename.csr

SuSE or other:
$ umask 077
$ openssl req -new -out filename.csr -keyout privkey.pem

and send filename.csr to the CA.

Discussion

You can obtain a certificate for a given service from a well-known Certifying Authority, such as Verisign, Thawte, or Equifax. This is the simplest way to obtain a certificate, operationally speaking, as it will be automatically verifiable by many SSL clients. However, this approach costs money and takes time.

To obtain a certificate from a commercial CA, you create a Certificate Signing Request:

$ make -f /usr/share/ssl/certs/Makefile foo.csr

This generates a new RSA key pair in the file foo.key, and a certificate request in foo.csr. You will be prompted for a passphrase with which to encrypt the private key, which you will need to enter several times. You must remember this passphrase, or your private key is forever lost and the certificate, when you get it, will be useless.

openssl will ask you for the components of the certificate subject name:

Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux Administration Cookbook

Linux Administration Cookbook

Adam K. Dean

Publisher Resources

ISBN: 0596003919Errata Page