Re: OT, self-signed ssl certificate generation
- Reply: bob prohaska : "Re: OT, self-signed ssl certificate generation"
- In reply to: bob prohaska : "OT, self-signed ssl certificate generation"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 29 Aug 2024 09:00:23 UTC
On 8/4/24 03:48, bob prohaska wrote: > [no ssl list, posting here because it might be a platform issue] > > In trying to get ssl working for apache24 I tried to follow the > instructions for self-signed certificate generation at > https://docs.freebsd.org/en/books/handbook/security/index.html > in section 16.8.1, Generating Certificates. > > The first example for generating a key and signing request > behaved as expected, generating a cert.key and req.pem file. > > The second example, for a self-signed certificate, adjusted to: > openssl req -new -x509 -days 365 -sha3-512 -keyout host.key -out host.crt Hi, This command works for me. So I think you should look further what fails. That it does not prompt for user input sounds like openssl does not execute properly. What is the exit code of running the command? Does it give any output? Mine gives: $ openssl req -new -x509 -days 365 -sha3-512 -keyout host.key -out host.crt .+.+...+.....+.+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+...........+...+..........+...........................+......+..+.+.................+.........+...+...+..........+..............+.+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+...+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+...+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:NL State or Province Name (full name) [Some-State]:NH Locality Name (eg, city) []:Amsterdam Organization Name (eg, company) [Internet Widgits Pty Ltd]:Henk Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:henk.example.org Email Address []:henk@example.org Regards, Ronald. > to place the output files in the working directory, generated only an > empty host.key and no host.crt > > It also didn't prompt for user input, which the first example > did ask for. > > Any hints as to what I'm doing wrong would be much appreciated! > > Thanks for reading, >