Friday, May 21, 2010

Creating a self signed certificate

On development and test systems, you are ususally using a self-signed certificate. Why the SSL servers key needs any certificate at all, and cannot simply use its key pair, is beyond my imagination, but be that as it may: It wouldn't be a problem, if there would be a really simple way to create a self signed certificate. What is the problem with writing a simple program that asks me a few questions like "fully qualified host name of the SSL server", or "organization name" and in reply creates a private key and a self certified public key? My personal guess is that openssl's command line interface is so darned complex that it's hard to dare to make it simple...

But obviously, I am not the only one asking for such a solution. There is help: Red Hat Linux, Fedora, or CentOS are shipped with a really simple tool called "genkey". See

Thanks, guys!

No comments: