Table of Contents
OpenSSL
SSL background
Create self signed cert
This creates an sha2 hash (sha1 is deprecated), nodes does not add password, 4096 bits should be good for the lifetime of the cert.
# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 10000 -nodes -sha256
Use -subj to set defaults without requiring CLI input
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout test.key -out test.crt \ -subj /C=GB/ST=Warks/L=City/O=Rainsbrook/OU=systems/CN=*.rainsbrook.co.uk
Decode certs,etc...
openssl x509 -in yoursitecert.crt -noout -text
