diff options
author | Richard Levitte <levitte@openssl.org> | 2003-04-03 22:12:48 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2003-04-03 22:12:48 +0000 |
commit | 8152d887992c8f15fcf63c7da48c5d8805f1b3b2 (patch) | |
tree | 3273c7b9137fcbcf9b8b83965363c9b77f1bcc4f | |
parent | 4ce4884a5b629843f65a8269b4af1528cb719175 (diff) | |
download | openssl-8152d887992c8f15fcf63c7da48c5d8805f1b3b2.tar.gz |
It's recommended to use req rather than x509 to create self-signed certificates
-rw-r--r-- | doc/HOWTO/certificates.txt | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index d7e16c1da1..d3a62545ad 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -71,13 +71,11 @@ received. If you don't want to deal with another certificate authority, or just want to create a test certificate for yourself, or are setting up a certificate authority of your own, you may want to make the requested -certificate a self-signed one. If you have created a certificate -request as shown above, you can sign it using the 'openssl x509' -command, for example like this (to create a self-signed CA -certificate): +certificate a self-signed one. This is similar to creating a +certificate request, but creates a certificate instead of a +certificate request (1095 is 3 years): - openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \ - -signkey privkey.pem -out cacert.pem -trustout + openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 5. What to do with the certificate |