Create a CA signed certificate (for dummies, on Mac OS)
If you develop website you may need to provide https connection.
Usually you would use self signed certificates. Google is full of website which explain how to do that: http://www.google.com/#q=self+signed+certificate
In some cases it may be useful to have a certificate signed by a Certificate Authority: You may add this Certificate Authority public key to your keychain and allow your browser to behave exactly as if you were using a “real” properly signed certificate.
We will see here how to create a Certificate Authority and use it to sign a certificate on MacOS X.
This article is based on this one: http://www.systemx.fr/linux/openssl/openssl-p.html.
First, check that openssl is installed:
$ which openssl
Then have a look at the openssl.cnf file which defines the parameters. We will use the MacOS default parameter execpt for the dir one:
$ sudo vim /opt/local/etc/openssl/openssl.cnf
dir = .
Then create a new folder and change directory to it.
Create some useful folders and files:
echo "01" > serial
Create you Certificate Authority:
openssl req -new -x509 -newkey rsa:2048 -keyout private/cakey.pem -out cacert.pem -days 3650
Create the certificate and the request:
sudo openssl req -new -nodes -newkey rsa:1024 -keyout private/kwrd.key -out req/kwrd.req -days 1095
The commonName should be the domain name for your server, such as www.my-company.com.lb. Note that you can use wildcards *.my-company.com.lb so that your certificate can be used for different sub-domains.
Sign you certificate with the Certificate Authority:
sudo openssl ca -policy policy_anything -out certs/kwrd.pem -in req/kwrd.req
Now you should see these files:
Install your certificate on your web server. On Apache it will looks like this:
On the client computers add the CA public key cacert.pem to your keychain.
[Edit] You can fin here The Cheapest SSL Certificates (And Whether You Should Use Them).
Like this Article? Share it!
About the Author
Paris, Beirut, NYC & Agen // e-commerce, social media, open-source & geek // follow me on twitter: @benjaminbellamy.