Barry's notes on computer software and hardware 2026-05-21T03:39:29-07:00 urn:uuid:d7702658-922f-dfe8-d6e6-f63ecd226979 urn:uuid:2b596b7e-9588-27c1-a7da-5fa4fcf8e960 2015-05-04T08:40:39-07:00 Barry Pederson bp@barryp.org <p>Put in a actual, recognized SSL Certificate on the site, and setup redirects to run everything through that now.<br /> </p> <p>Figured that was a reasonable thing to do because people are still occasionally downloading old software from this site, and the cert was free for the year (Gandi).<br /> </p> <p>Hopefully by the time it expires the <a href="https://letsencrypt.org/">Let's Encrypt</a> service will be up and running.</p> urn:uuid:43d57ffd-91e3-e119-38de-b3879d29eb5d 2006-02-15T15:07:45-08:00 Barry Pederson bp@barryp.org <p>Quite often I find myself needing to generate self-signed certificates for use with <a href="http://www.openssl.org">OpenSSL</a>. There are only three steps required... </p> <p>Generate a key file, named <code>ssl.key</code> for example: </p> <pre><code>openssl genrsa -out ssl.key 1024 </code></pre><p>Generate a Certificate Signing Request for the key, named <code>ssl.csr</code> in this example. You'll be asked a bunch of questions, when asked for <code>Common Name (eg, YOUR name)</code> be sure to enter the domain-name you're making the certificate for (such as <code>www.foobar.edu</code>). </p> <pre><code>openssl req -new -key ssl.key -out ssl.csr </code></pre><p>Generate a signed certificate given the request and key, valid for 10 years (3650 days) and named <code>ssl.crt</code> in this example. When you're done, the <code>ssl.key</code> and <code>ssl.crt</code> files are what you usually need to install in your server. <br /> </p> <pre><code>openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt </code></pre><p>As a bonus, here's how to view the contents of a certificate file named <code>ssl.crt</code> </p> <pre><code>openssl x509 -in ssl.crt -text </code></pre>