http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php
http://www.freebsdmadeeasy.com/tutorials/web-server/apache-ssl-certs.php
Set up the directory structure for the CA and configure openssl.cnf.
Set the OPENSSL_CONF environment variable - an alternative to specifying the -config argument each time.
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout my-ca.key.pem -out my-ca.cer.pem -config openssl.cnf
Common Name is the domain.
openssl req -new -nodes -keyout www-example-com.key.pem -out www-example-com.req.pem -config openssl.cnf
Sign the request with the CA.
openssl ca -days 1095 -in www-example-com.req.pem -out www-example-com.cer.pem -config openssl.cnf
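Added example (not from these notes or the linked tutorials): a script that builds the minimal directory structure and openssl.cnf the three commands above rely on, runs them non-interactively, then checks that the issued certificate chains to the CA and matches its private key. The subject names, the policy_any and req_dn section names, and the use of -nodes, -subj and -batch are assumptions made to keep it self-contained.

```sh
#!/bin/sh
# Added example with constructed names; $1 must be an empty scratch directory.
# Creates the files "openssl ca" expects, then the CA, the request and the cert.
make_ca_and_sign() (
    cd "$1" && mkdir newcerts && : > index.txt && echo 01 > serial &&
    cat > openssl.cnf <<'EOF' &&
[ ca ]
default_ca = CA_default
[ CA_default ]
dir           = .
database      = $dir/index.txt
serial        = $dir/serial
new_certs_dir = $dir/newcerts
certificate   = $dir/my-ca.cer.pem
private_key   = $dir/my-ca.key.pem
default_md    = sha256
policy        = policy_any
[ policy_any ]
commonName = supplied
[ req ]
default_bits       = 2048
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name (the domain)
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF
    # -nodes, -subj and -batch only keep this demo non-interactive; a real
    # CA key should be passphrase-protected (drop -nodes on the first command).
    openssl req -new -x509 -days 3650 -extensions v3_ca -nodes -subj "/CN=Demo Root CA" \
        -keyout my-ca.key.pem -out my-ca.cer.pem -config openssl.cnf &&
    openssl req -new -nodes -subj "/CN=www.example.com" \
        -keyout www-example-com.key.pem -out www-example-com.req.pem -config openssl.cnf &&
    openssl ca -batch -days 1095 -in www-example-com.req.pem \
        -out www-example-com.cer.pem -config openssl.cnf
)

# Succeeds only if the site certificate chains to the CA and matches its key.
check_site_cert() (
    cd "$1" &&
    openssl verify -CAfile my-ca.cer.pem www-example-com.cer.pem | grep -q ': OK$' &&
    [ "$(openssl x509 -noout -pubkey -in www-example-com.cer.pem)" = \
      "$(openssl pkey -pubout -in www-example-com.key.pem)" ]
)

work=$(mktemp -d) && make_ca_and_sign "$work" && check_site_cert "$work" &&
    echo "certificate verified in $work"
```

The same check_site_cert comparison catches a certificate deployed next to the wrong private key before Apache is restarted.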
Since the CA certificate is self-signed, Apache needs to serve the CA certificate in addition to the site certificate.
SSLCACertificateFile
openssl x509 -outform der -in myCert.cer.pem -out myCert.cer
openssl pkcs12 -inkey myCert.key.pem -in myCert.cer.pem -export -out myCert.pfx
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.pem -out myCert.pem
http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx#bkmk_VPNCertificates
makecert -sky exchange -r -n "CN=My Root CA" -pe -a sha1 -len 2048 -ss My "My Root Ca.cer"
http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx#bkmk_VPNCertificates
makecert.exe -n "CN=name-on-cert" -pe -sky exchange -m 96 -ss My -in "My Root CA" -is my -a sha1
http://charles-blog.appspot.com/tag/pkcs12
Export the private key file from the .pfx file
openssl.exe pkcs12 -in myCert.pfx -nocerts -out myPrivateKey.pem
Import the .pem into PuTTYgen and save as .ppk.
Remove the passphrase from the private key.
openssl.exe rsa -in myPrivateKey.pem -out myPrivateKeyWithoutPass.pem
Add a passphrase.
openssl.exe rsa -des3 -in myPrivateKey.pem -out myPrivateKeyPass.pem