Secure Socket Layer (SSL) is an improved version of Transport layer Security (TLS). Both of these protocols primary work is to secure data when there is a issue to transmit from one user end to another user end. Usually there are server certification authorities we can get on the market. But this is not always necessary to use a certificate from there. We can create our own certificate and use that for authorization.
On this article we will discuss about how this protocol works and how we can configure and generate certificates for our servers.
At the beginning of the digital communication every single data used to transfer as a plain data and that become a potential threat to so many organizations. Eventually many organizations suffer several attacks on their data and they had to cost a good amount of money because of this. After a long research the community start to generate few encryption system so that the data can be secured and can be transferred using some encryption method so that an attacker cannot retrieve the plain data. Usually we see few encryption methods which usually follows a particular mathematical equation or method. An attacker can retrieve the real data only he knows the parameters of that data.
Now how we can implement this on our server and how we can generate self signed certificates in our server.
First of all make sure the server the updated. To update the server we need to run the below command.
#yum update –y
Once the update is complete then we have to create a container folder for the certificated and the keys. So let’s create a directory into the etc directory and let’s give that a name ssl
Now as we know there are two kind of components we usually generate from ssl tools. One is key and another is certificate. So it is better to put them in different directory, so that we can navigate them easily.
Now go to the ssl direcoty and create two more directories.
Once these works are done we need to install openssl in our server to create keys and certificates.
#yum install openssl –y
Once the openssl is installed we need to follow the below commands to generate our first key and certificate.
# openssl genrsa -out “/etc/ssl/private/testkey.key” 2048
Then if we check we will get a file named testkey.key file. So let’s check, if the file is created or not.
#ls –l /etc/ssl/private
Now we need to create a certificate using this key file.
# openssl req -new -key “/etc/ssl/private/testkey.key” -out “/etc/ssl/cert/testkey.csr”
On this stage we will be taken into a consol where we have put some required information and then the .csr file will be generated. The required information are given below.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) :New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:System network and programming technologies
Organizational Unit Name (eg, section) :technology
Common Name (e.g. server FQDN or YOUR name) :sysnetprotech.com
Email Address :email@example.com
Now we need to create the certificate using the below command.
# openssl x509 -req -days 365 -in “/etc/ssl/cert/testkey.csr” -signkey “/etc/ssl/private/testkey.key” -out “/etc/ssl/cert/testkey.crt”
Finally we have a certificate and a key which we can use for our server authenticity.
On next article we will show how we can integrate our certificate with our apache server.