====== OpenSSL ======
===== SSL background =====
[[rb:sslbackground|SSL background]] \\
====== Create self signed cert ======
This creates an sha2 hash (sha1 is deprecated), ''nodes'' does not add password, 4096 bits should be good for the lifetime of the cert.
# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 10000 -nodes -sha256
Use -subj to set defaults without requiring CLI input
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout test.key -out test.crt \
-subj /C=GB/ST=Warks/L=City/O=Rainsbrook/OU=systems/CN=*.rainsbrook.co.uk
====== Decode certs,etc... ======
openssl x509 -in yoursitecert.crt -noout -text
====== Online cipher code generator ======
[[https://mozilla.github.io/server-side-tls/ssl-config-generator/]]
====== SSL Server Test ======
[[https://www.ssllabs.com/ssltest/analyze.html]]