The Win32 executable build officially recommended by OpenSSL can be downloaded here:
http://www.slproweb.com/products/Win32OpenSSL.html
ca.key, the CA private key:
openssl genrsa -des3 -out ca.key 2048
Create a decrypted copy of the CA private key (this step is generally not required):
openssl rsa -in ca.key -out ca_decrypted.key
ca.crt, the CA root certificate (public key):
openssl req -new -x509 -days 7305 -key ca.key -out ca.crt
server.key, the server private key:
openssl genrsa -des3 -out server.key 2048
Create a decrypted copy of the server private key (Windows + Apache requires the decrypted server private key):
openssl rsa -in server.key -out server.key2
Generate a certificate signing request (CSR) file from the server private key:
openssl req -new -key server.key -out server.csr
### Note: for a server certificate, enter the domain name as the commonName, such as *.creke.net (the * wildcard is supported); the fields after the e-mail address can be left blank. If you are generating a personal certificate, for example one used to encrypt or sign e-mail, enter your name as the commonName and your e-mail address as the emailAddress. ###
Use the root CA to sign the user certificate:
Files used: server.csr, ca.crt, ca.key
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
If the root CA key has no password, enter "y" twice after the above command and server.crt is generated successfully.
If an error occurs, check whether the directory in which the openssl command is run contains the following folders:
- demoCA (first level)
-- newcerts (second level)
-- private (second level)
And the demoCA folder must contain the following files:
demoCA
-- index.txt
-- serial
index.txt is an empty file; the serial file contains a number, such as: 123.
#############################################
With the three steps complete, here is the command to convert the root CA certificate from CRT to DER format:
openssl x509 -in ca.crt -outform der -out ca.der
The DER format is used for importing the root certificate on mobile devices.
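The whole procedure above as a non-interactive script, followed by a chain check. This is an added example, not part of the original post. Assumptions: a temporary work directory, the host name example.test, the subject names, unencrypted throwaway keys (the -des3 commands above prompt for a passphrase), and a minimal ca.cnf used in place of the system openssl.cnf so the demoCA layout and a subjectAltName are explicit.

```shell
# Added example; the temp dir, example.test, subjects and ca.cnf are assumed.
build_demo_pki() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    # Directory layout "openssl ca" needs (the demoCA notes above).
    mkdir -p demoCA/newcerts demoCA/private
    : > demoCA/index.txt          # empty certificate database
    echo 01 > demoCA/serial       # hex serial, even number of digits
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_any
x509_extensions = server_ext
[ policy_any ]
commonName = supplied
[ server_ext ]
basicConstraints = CA:FALSE
subjectAltName = DNS:example.test
EOF
    {
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -days 7305 -config ca.cnf -key ca.key \
            -out ca.crt -subj "/CN=Demo Root CA" &&
        openssl genrsa -out server.key 2048 &&
        openssl req -new -config ca.cnf -key server.key -out server.csr \
            -subj "/CN=example.test" &&
        openssl ca -batch -config ca.cnf -in server.csr -out server.crt \
            -cert ca.crt -keyfile ca.key &&
        openssl x509 -in ca.crt -outform der -out ca.der
    } >/dev/null 2>&1 || return 1
    echo "$dir"
}
# Check the chain and that the SAN made it into the issued certificate.
verify_demo_pki() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/server.crt" -noout -text | grep -q 'DNS:example.test'
}
```

Run it as d=$(build_demo_pki) && verify_demo_pki "$d"; after signing, demoCA/serial has advanced and demoCA/index.txt holds one entry marked V (valid).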
http://blog.creke.net/736.html
Use OpenSSL self-signed server HTTPS certificate