====== OpenSSL ======


===== SSL background =====

[[rb:sslbackground|SSL background]] \\
====== Create self signed cert ======

This creates an sha2 hash (sha1 is deprecated), ''nodes'' does not add password, 4096 bits should be good for the lifetime of the cert.

<code>
# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem  -days 10000 -nodes -sha256
</code>

Use -subj to set defaults without requiring CLI input
<code> 
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout test.key -out test.crt \
-subj /C=GB/ST=Warks/L=City/O=Rainsbrook/OU=systems/CN=*.rainsbrook.co.uk
</code>

====== Decode certs,etc... ======


  openssl x509 -in yoursitecert.crt -noout -text 
====== Online cipher code generator ======


[[https://mozilla.github.io/server-side-tls/ssl-config-generator/]]


====== SSL Server Test ======

[[https://www.ssllabs.com/ssltest/analyze.html]]