– needs testing

For production systems you will need to get SSL certificates from a Certificate Authority. For test systems, creating a self-signed SSL certificate and keys using OpenSSL is quite easy.

You will need to have OpenSSL installed.

Create a public/private key file pair:

Windows:
  1. Create a new directory on the drive where Iguana is installed and give it an appropriate name (e.g., Test).

  2. Open a Command Prompt window and go to the new directory. For example:

    cd Test
  3. Type the path of the OpenSSL install directory, followed by the genrsa command, which generates an RSA private key. For example:

    c:\openssl\bin\openssl genrsa -out privkey.pem 4096

You will see the key being generated:

Loading 'screen' into random state - done
Generating RSA private key, 4096 bit long modulus
.................................+++
...........................................+++
e is 65537 (0x10001)
  4. Run the following command to extract the public key from the generated private key file, so that the private and public keys are in separate files:

    c:\openssl\bin\openssl rsa -in privkey.pem -out pubkey.pem -pubout -outform PEM

Linux or Mac OS X:
  1. Use the ssh-keygen utility, which is included as part of most POSIX systems.

  2. Create a new directory and give it an appropriate name (e.g., Test).

  3. Open a terminal window and go to the new directory. For example:

    cd Test
  4. Use the rsa option to create a public/private key pair (using your email as a comment):

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -m PEM

Create a certificate file:

Windows:
  1. Open a Command Prompt window and go to the directory you created earlier for the public/private key files. For example:

    cd Test
  2. Enter the path of the OpenSSL install directory, followed by the req command with the -x509 option, which creates a self-signed certificate. For example:

    c:\openssl\bin\openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
  3. Follow the instructions that appear on the screen. For example:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Toronto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:iNTERFACEWARE
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

...
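
The three OpenSSL steps above, run without prompts from a POSIX shell and followed by the checks worth making on the result: the certificate carries the same public key as privkey.pem, is not about to expire, and is self-signed. This is an added example, not part of the original page; the function names and the default Common Name iguana-test.example are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes openssl is on PATH.
# The CN default below is a constructed placeholder, not a real host.

# make_test_cert DIR [BITS] [DAYS] [CN]: the three openssl steps, no prompts.
make_test_cert() {
    dir=$1; bits=${2:-4096}; days=${3:-1095}; cn=${4:-iguana-test.example}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # files are created readable by the owner only
        openssl genrsa -out privkey.pem "$bits" 2>/dev/null || exit 1
        openssl rsa -in privkey.pem -out pubkey.pem -pubout -outform PEM \
            2>/dev/null || exit 1
        openssl req -new -x509 -key privkey.pem -out cacert.pem -days "$days" \
            -subj "/C=CA/ST=Ontario/L=Toronto/O=iNTERFACEWARE/CN=$cn" || exit 1
        chmod 644 pubkey.pem cacert.pem   # only the private key stays 0600
    )
}

# SHA-256 of the DER-encoded public key held in a private key file.
key_fingerprint() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key embedded in a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_test_cert DIR: 0 = ok, 1 = file missing or cert does not match key,
# 2 = cert expires within 24 hours, 3 = cert is not self-signed.
check_test_cert() {
    [ -s "$1/privkey.pem" ] && [ -s "$1/cacert.pem" ] || return 1
    k=$(key_fingerprint "$1/privkey.pem")
    c=$(cert_fingerprint "$1/cacert.pem")
    [ -n "$k" ] && [ "$k" = "$c" ] || return 1
    openssl x509 -in "$1/cacert.pem" -noout -checkend 86400 >/dev/null || return 2
    openssl verify -CAfile "$1/cacert.pem" "$1/cacert.pem" >/dev/null 2>&1 ||
        return 3
}
```

Source the file, then run `make_test_cert Test` followed by `check_test_cert Test`; a non-zero status from the second call identifies which check failed.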