TLS/SSL is a public/private key infrastructure. Each client and each
server must have a private key. A private key is created like this:
- openssl genrsa -out ryans-key.pem 1024
+ openssl genrsa -out ryans-key.pem 2048
All servers and some clients need to have a certificate. Certificates are public
keys signed by a Certificate Authority or self-signed. The first step to
getting a certificate is to create a "Certificate Signing Request" (CSR)
file. This is done with:
- openssl req -new -key ryans-key.pem -out ryans-csr.pem
+ openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem
To create a self-signed certificate with the CSR, do this: