Note: In a production environment, always use valid certificates generated by valid certificate authorities. Although you can still use self-signed certificates, this type of certificate could be vulnerable to man-in-the-middle attacks. Naturally, you can compensate for these weaknesses with further security measures, like connecting in a secure VPC, firewall rules, etc.

Note: Depending on the location where you choose to run these commands, you may require administrator privileges. In my case, I am running them under the /etc/ssl directory, which requires "sudo".

OK, so the first step is to create our private root key. This must be kept private, since it is the key used to sign further client certificates. Run the following command:

```
openssl genrsa -des3 -out root_self_CA.key 2048
```

This command uses the openssl tool to generate our key. It generates a 2048-bit, password-protected key. Remember this must be kept private and hidden.

As a quick reference, we use the genrsa (generate RSA key) openssl command with the -des3 argument to encrypt the private key with the DES3 cipher before the final key file is written. Of note, we are using DES3 so we can encrypt it with a password (highly recommended). Also, do not forget its password!

The next step is to actually self-sign our certificate. Run this command:

```
openssl req -x509 -new -nodes -key root_self_CA.key -sha256 -days 1024 -out root_self_CA.pem
```
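Before the root key is used to sign client certificates, it is worth checking the two files the commands above produce. The following shell function is an added example, not part of the original post; the function name `check_root_ca`, its argument order and the 30-day default are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for root_self_CA.key / root_self_CA.pem.
# Usage: check_root_ca CERT KEY PASSIN [MIN_DAYS]
#   PASSIN is an openssl pass-phrase source, e.g. file:/path/to/pass or env:CA_PASS
#   MIN_DAYS is the minimum remaining validity (assumed default: 30 days)
# Returns 0 when every check passes, 1 otherwise.
check_root_ca() {
    cert=$1 key=$2 passin=$3 min_days=${4:-30}
    rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }

    # The key must be stored encrypted. Both PEM layouts that genrsa -des3
    # can emit (traditional and PKCS#8) carry the word ENCRYPTED.
    grep -q 'ENCRYPTED' "$key" || fail "private key is not password protected"

    # "Private and hidden": no read access for group or others.
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ] \
        || fail "private key is readable by group or others"

    # A self-signed root has issuer == subject and verifies under its own key.
    [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
      "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] \
        || fail "issuer and subject differ (not self-signed)"
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 \
        || fail "certificate signature does not verify"

    # The certificate must be marked as a CA to sign further certificates.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || fail "basicConstraints CA:TRUE is missing"

    # Flag a certificate that is expired or about to expire.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || fail "certificate expires within $min_days days"

    # The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || fail "private key does not match certificate (or wrong password)"

    return $rc
}
```

Call it as `check_root_ca root_self_CA.pem root_self_CA.key file:/path/to/passfile`; each failed check is reported on stderr.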