How to create .pem files for https web server

https ssl node.js webserver pem

Solution 1:

The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like -----BEGIN RSA PRIVATE KEY----- or similar.

To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR (which also contains your public key).You can do this in a variety of ways, but here's how in OpenSSL.

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

This will cause you to enter an interactive prompt to generate a 2048-bit RSA private key and a CSR that has all the information you choose to enter at the prompts. (Note: Common Name is where you'll want to put the domain name you'll be using to access your site.) Once you've done this you would normally submit this CSR to a trusted certificate authority and once they've validated your request you would receive a certificate.

If you don't care about your certificate being trusted (usually the case for development purposes) you can just create a self-signed certificate. To do this, we can use almost the same line, but we'll pass two extra parameters.

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

This will give you a cert (valid for 10 years) and key pair that you can use in the code snippet you posted.

Solution 2:

Just follow this procedure :

  1. create the folder where you want to store your key & certificate :

    mkdir conf

  1. go to that directory :

    cd conf

  1. grab this ca.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf

  1. create a new certificate authority using this configuration :

    openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem

  1. now that we have our certificate authority in ca-key.pem and ca-cert.pem, let's generate a private key for the server :

    openssl genrsa -out key.pem 4096

  1. grab this server.cnf file to use as a configuration shortcut :

    wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf

  1. generate the certificate signing request using this configuration :

    openssl req -new -config server.cnf -key key.pem -out csr.pem

  1. sign the request :

    openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

I found this procedure here, along with more information on how to use these certificates.

Related

Making sure /usr/local/bin is in my $PATH on mac
How do I include a HTML file in a Jinja2 template?
in entity framework code first, how to use KeyAttribute on multiple columns
Difference between System.getenv() & System.getProperty() [duplicate]
How to create json by JavaScript for loop?
Debug.Assert vs Exception Throwing
how to add new <li> to <ul> onclick with javascript
How to print to console using swift playground?
What is default list styling (CSS)?
Weighted standard deviation in NumPy
Can an incomplete geodesic intersect a point infinitely many times?
Second Order Nonhomogeneous Differential Equation (Method of Undetermined Coefficients)