Jump to content


Welcome to 247fixes PC Help Forum

Welcome to 247fixes PC Help Forum! Like most online communities you must first register to view or post in our community, but don't worry this is a simple free process that requires minimal information. Take advantage of it immediately, Register Now or Sign In.

Please read over Welcome To 247Fixes to learn more about our site.

  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates
  • Add events to our community calendar
  • Get your own profile and make new friends
  • Customize your experience here
Guest Message by DevFuse
 

Tutorial info Visit support topic

  • Added on: Jan 27 2013 02:08 PM
  • Date Updated: Sep 02 2016 08:35 AM
  • Views: 1117
 


* * * * *
1 Ratings

Generating SSL Certificates

Some times, people come across the need for an SSL certificate for various reasons. One of those reasons would be to securely identify yourself to a service, such as a website, IRC Network, and more.

Posted by Dominick M. on Jan 27 2013 02:08 PM

Requirements (What you will need)

  • Linux shell
  • OpenSSL
With OpenSSL libraries on a linux shell/server that you have access to, login to that box. I use WinSCP or PuTTY depending on what it is I am trying to do, however for this proceedure you will need a solid command line, so I would recommend the use of PuTTY.

 

I am writing this tutorial in the standpoint of an IRC Network Administrator, to teach IRC Users how to ensure you are using a "genuine" SSL connection. The names of the certificate can vary to whatever you need it to be, but in this instance we will use "nick" as the certificate name.

 

After logging into your box, you should be at your home directory (/home/youruserhere) unless the server you're logging into has a special setup for it's SSH users. To generate a SSL certificate, we are going to use the "openssl" command with the "req" command argument.

openssl req -nodes -newkey rsa:2048 -keyout user.key -x509 -days 3650 -out user.cer 
Generating a 2048 bit RSA private key
writing new private key to 'user.key'
You will see a questionnaire to add information to the certificate you are trying to generate. You want to answer the questions asked truthfully, or your SSL Certificate can be questioned and denied by the server you're trying to contact. (It's all based on GeoIP, which locates your IP. If you have an SSL Certificate that says you're elsewhere, smarter systems will reject your request.)
-----
Country Name (2 letter code) [US]: YOURCOUNTRYCODE
State or Province Name (full name) [Texas]: YOURSTATE
Locality Name (eg, city) [San Antonio]: YOURCITY
Organization Name (eg, company) []: YOURTEXTHERE
Organizational Unit Name (eg, section) [IT]: YOURTEXTHERE
Common Name (eg, YOUR name) []: YOUR SERVER'S NAME (Your name if this is a personal certificate for client side auth)
Email Address []: EMAILHERE
If you don't have an organization name or organizational unit name, you can substitute the answers with a period (.) and they will be left empty.

 

After generating this certificate, we want to make sure it can't be read from unauthorized parties. To do this in Linux, type this command:

chmod 400 user.key
Curiosity killed the cat, but never said anything about linux users. Should you want to actually see the contents of your newly generated certificate, you can key in this command to the shell
openssl x509 -noout -fingerprint -text < user.cer
Okay, look at you guru! You have yourself a .key and .cer. What do we do from here?

 

Combine the nick.key and the nick.cer to create nick.pem then adjust permissions so only you can use this certificate (We don't want anyone within the same group using it either, we just want your user to be able to read this information) like so:

 

cat user.cer user.key > user.pem
chmod 400 user.pem
Now you have a shiny new SSL certificate. From there, you can download the certificate and use it in popular IRC clients such as mIRC, irssi, XChat, ChatZilla, and more.

 

If anyone would like a specific break down per IRC Client and how to embed an SSL certificate, let me know.

 

* Note that SSL Certificates cannot be used in web based IRC Clients. You should have a desktop client installed on your system for this to work.

 

** Having self signed SSL Certificates can both help, and hinder your work. Depending on the nature of your browsing the secure socket layer (SSL) internet, It is mostly always best to get a proper SSL Certificate. SSL Certificates for websites and emails are Class 1 Certificates, and in most cases are free to obtain from a proper CA (Certificate Authority).


Powered by Tutorials 1.4.3 © 2017, by Michael McCune