Lourens
03-08-2004, 10:38 AM
I want to create a self-signed security certificate for one of my web sites - I need this to develop the site first and then buy one.
The problem is that I have no clue how to do this and this forum seems to be the most active that I could find.[:D]
Thanks
loosecannon
03-08-2004, 10:43 AM
ill do it for you NP or supply you a nice script/config i use ... email me ...
Lourens
03-08-2004, 10:47 AM
Now that was a fast solution to my problem!
loosecannon, I've sent you mail.
Thanx
loosecannon
03-08-2004, 10:56 AM
here is a quick way to generate a CA and site certificate. i do this to allow multiple certificates
with their own names without too much PT; i also use the CA on all workstations for TLS mail alla pop3s/imaps/smtps on the network ...
the directory i use is non-standard, /etc/openssl ... and as i run freeswan i keep the private key in the freeswan directory ...
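#Generate A CA Certificate [Self Signed]
# -x509 makes this a self-signed certificate rather than a request; -days 1460 is 4 years.
# -nodes writes cakey.pem unencrypted, so the permissions on /etc/openssl/private are the only
# thing protecting the CA key. Subject and extensions come from ca.conf ([ req ] / [ v3_ca ]).
/usr/bin/openssl req -x509 -newkey rsa:2048 -days 1460 -nodes \
-out /etc/ipsec.d/cacerts/cacert.pem \
-keyout /etc/openssl/private/cakey.pem \
-config /etc/openssl/ca.conf
#Generate A Server Cert
# This produces a certificate *request* (server.pem); it is signed in the next step.
# The key size is given explicitly so the server key matches the CA's 2048 bits instead of
# falling back to default_bits (1024) in server.conf. The key file is written unencrypted
# because server.conf sets encrypt_key = no.
/usr/bin/openssl req -newkey rsa:2048 -out /etc/openssl/server.pem \
-keyout /etc/ipsec.d/private/serverkey.pem -config /etc/openssl/server.conf
#Sign The Cert
# -batch signs without interactive confirmation. Validity, digest (default_md) and the
# extensions added to the issued certificate all come from [ CA_default ] in ca.conf.
/usr/bin/openssl ca -batch -in /etc/openssl/server.pem -out /etc/openssl/server.sign.pem \
-config /etc/openssl/ca.conf
#CRL Goodies
# Issue a PEM CRL (valid for default_crl_days from ca.conf), then convert it to DER for the
# IPsec crls directory.
/usr/bin/openssl ca -gencrl -out /etc/openssl/crl.pem -config /etc/openssl/ca.conf
/usr/bin/openssl crl -in /etc/openssl/crl.pem -outform DER -out /etc/ipsec.d/crls/crl.der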
-------------
server.conf <<<
# Global settings, visible to every section below.
HOME = .
# PRNG seed file; $ENV::HOME is read from the process environment.
RANDFILE = $ENV::HOME/.rnd
[ req ]
# Key size used when -newkey names only the algorithm (as the post's `-newkey RSA` does).
# NOTE(review): that makes the server key 1024-bit RSA, half the size of the CA key and below
# the 2048-bit minimum current clients expect.
default_bits = 1024
distinguished_name = req_distinguished_name
attributes = req_attributes
# Subject and attributes are taken verbatim from their sections; nothing is prompted for.
prompt = no
# The private key written by -keyout is stored unencrypted (same effect as -nodes), so it is
# protected by file permissions alone.
encrypt_key = no
# Extensions embedded in the request itself; ca.conf sets copy_extensions = copy, so the CA
# carries them (notably subjectAltName) into the issued certificate.
req_extensions = usr_cert
[ req_distinguished_name ]
# Literal subject of the server certificate (prompt = no). The CN is the hostname the site is
# served under and is repeated as a DNS subjectAltName in [ usr_cert ].
C = ZA
ST = GA
L = Sandton
O = Network Sentry Security Solutions
OU = Network Sentry Server Certificate
CN = firewall.networksentry.co.za
emailAddress = root@firewall.networksentry.co.za
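[ usr_cert ]
# Request extensions; the signing CA copies them into the issued certificate.
# Leaf certificate: it must not be able to sign other certificates.
basicConstraints = CA:FALSE
nsComment = "Generated By Network Sentinel Solutions Firewall"
# Names the server certificate is valid for. The DNS entry repeats the CN because modern clients
# match the server name against subjectAltName rather than CN alone. The value must stay on a
# single line: a line break inside it would be parsed as a new key and break the config.
subjectAltName = DNS:firewall.networksentry.co.za,email:root@firewall.networksentry.co.za,IP:10.10.255.1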
[ req_attributes ]
# Intentionally empty: referenced by `attributes` in [ req ], so no request attributes
# (such as a challengePassword) are added to the CSR.
------------
the ca.conf <<<
# Global settings, visible to every section below.
HOME = .
# PRNG seed file; $ENV::HOME is read from the process environment.
RANDFILE = $ENV::HOME/.rnd
# Section holding custom OID definitions (empty here).
oid_section = new_oids
[ new_oids ]
# No custom OIDs are defined; the section exists so that oid_section above resolves.
[ ca ]
# Entry point for `openssl ca`: all signing settings live in the section named here.
default_ca = CA_default
[ CA_default ]
# Non-standard base directory (as the post notes); $dir is expanded in the entries below.
dir = /etc/openssl
certs = $dir/certs
# Index of issued certificates and the serial counter. `openssl ca` needs both files to exist
# before the first signing (an empty index.txt and a seeded serial file).
database = $dir/index.txt
new_certs_dir = $dir/newcerts
# CA certificate kept in the freeswan tree; matches the -out of the CA generation command.
certificate = /etc/ipsec.d/cacerts/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
# CA private key. It was generated with -nodes, so the file is unencrypted and its permissions
# are the only protection it has.
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
# Validity of issued certificates in days (4 years).
default_days = 1460
# A CRL produced with -gencrl expires after 30 days; it must be regenerated at least that often.
default_crl_days = 30
# NOTE(review): MD5 is collision-broken and current TLS clients reject MD5-signed certificates;
# sha256 is the modern default.
default_md = md5
preserve = no
# Which subject fields a request must carry; see [ policy_match ].
policy = policy_match
# Extensions added to every certificate this CA signs.
x509_extensions = usr_cert
crl_extensions = crl_ext
# Copies extensions from the request (server.conf's [ usr_cert ], including subjectAltName) into
# the issued certificate. Request extensions not already set in [ usr_cert ] below are trusted
# as-is, so only sign requests generated by this CA operator.
copy_extensions = copy
[ policy_match ]
# Subject-field policy used by `openssl ca` (policy = policy_match in [ CA_default ]):
# `supplied` fields must be present in the request, `optional` ones may be absent.
# Only the CN is mandatory, so issued certificates need not share C/O/OU with the CA.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# NOTE(review): subjectAltName is an extension, not a DN component, so this entry presumably has
# no effect on the policy check.
subjectAltName = optional
[ policy_anything ]
# Identical to [ policy_match ] and not referenced by [ CA_default ]; only selectable with
# `openssl ca -policy policy_anything`.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# NOTE(review): as in [ policy_match ], this entry presumably has no effect (not a DN field).
subjectAltName = optional
[ req ]
# Only used when -newkey gives no size; the CA generation command passes rsa:2048 explicitly.
default_bits = 1024
distinguished_name = req_distinguished_name
# Subject is taken verbatim from [ req_distinguished_name ]; nothing is prompted for.
# No `attributes` key is set, so [ req_attributes ] below is not consulted.
prompt = no
# NOTE(review): default_days is not a `req` option and is presumably ignored here; the CA
# generation command supplies -days 1460 on the command line instead.
default_days = 1460
# Extensions placed in the self-signed CA certificate (req -x509).
x509_extensions = v3_ca
[ req_distinguished_name ]
# Literal subject of the self-signed CA certificate (prompt = no); this CN is what clients
# display as the issuer of every certificate signed by it.
C = ZA
ST = GA
L = Sandton
O = Network Sentry Security Solutions
OU = Head Office
CN = Network Sentry Solutions CA
emailAddress = support@networksentry.co.za
[ req_attributes ]
# Appears unused: the [ req ] section above sets no `attributes` key, so these entries are never
# read. The _min/_max limits only apply in prompting mode, and prompt = no is set.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ usr_cert ]
# Extensions stamped onto every certificate this CA issues (x509_extensions = usr_cert).
# Leaf certificate: it cannot issue further certificates.
basicConstraints = CA:FALSE
nsComment = "Signed By Network Sentinel Solutions Firewall"
subjectKeyIdentifier = hash
#issuerAltName = issuer:copy
# Ties the certificate to the issuing CA key so clients can build the chain.
authorityKeyIdentifier = keyid,issuer:always
# Permitted key operations for a TLS server key. No extendedKeyUsage is set, so the certificate
# is not restricted to a particular protocol role.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_req ]
# Not referenced anywhere in this file or in server.conf. CA:TRUE would mark a request as
# CA-capable, so keep this section unreferenced (or change it to CA:FALSE) rather than wiring
# it to req_extensions.
basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for the self-signed CA certificate ([ req ] x509_extensions = v3_ca).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Marks the certificate as a CA; no pathlen limit is set.
# NOTE(review): no keyUsage is declared, so the CA key is not restricted to keyCertSign/cRLSign.
basicConstraints = CA:TRUE
nsComment = "Generated On Network Sentinel Solutions Firewall"
#issuerAltName = issuer:copy
[ crl_ext ]
# Extensions added to CRLs issued with `openssl ca -gencrl` (crl_extensions = crl_ext).
#issuerAltName = issuer:copy
# Identifies the signing CA so relying parties can match the CRL to the CA certificate.
authorityKeyIdentifier = keyid:always,issuer:always
----------------------