Generate a self-signed SSL certificate in PEM format using OpenSSL


Article ID: KB11255 | KB Last Updated: 28 Jun 2010 | Version: 4.0
Summary:
Using the OpenSSL open source tools found commonly on UNIX operating systems such as Linux and Solaris, it is possible to generate a self-signed SSL certificate in PEM format.
Symptoms:
Generate a self-signed SSL certificate without having a certificate issued by a Certificate Authority or CA.
Solution:
The OpenSSL package must be installed on your operating system as a prerequisite for the steps below.

Step #1:
  Generate an RSA private key, encrypted with AES-256 under a passphrase, and store the result in a file named "key.pem".

Example:
# openssl genrsa -aes256 -out key.pem
Generating RSA private key, 512 bit long modulus
...............++++++++++++
.....++++++++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for key.pem:
Verifying - Enter pass phrase for key.pem:


Step #2:
Verify the private key generated in Step #1.

# cat key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,7387154F31DA820FC1F2D9D9A73E2D77
-----END RSA PRIVATE KEY-----

Step #3:
  Generate a self-signed SSL X.509 certificate in PEM format using the private key from Step #1. Answer the prompts with the information of the company where the certificate will be used.

Example:
# openssl req -new -x509 -key key.pem -out cert.pem -days 1095
Enter pass phrase for key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:    
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Step #4:
  Verify the final SSL certificate generated.

Example:
# cat cert.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
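
The `cat` commands in Steps #2 and #4 only display the files. The shell functions below are an added example, not part of the original article: they run Steps #1 and #3 non-interactively with an explicit 2048-bit key size (the sample output in Step #1 shows a 512-bit modulus), then check that the certificate's key is long enough, belongs to key.pem, and has not expired. The `KEYPASS` variable, the subject string, the 2048-bit minimum and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Passphrase, subject and directory are constructed placeholders.
# The key passphrase is read from the KEYPASS environment variable.

# make_selfsigned DIR BITS: encrypted RSA key of explicit size + self-signed cert.
make_selfsigned() {
    openssl genrsa -aes256 -passout env:KEYPASS -out "$1/key.pem" "$2" 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -key "$1/key.pem" -passin env:KEYPASS \
        -out "$1/cert.pem" -days 1095 \
        -subj "/C=AU/O=Example Org/CN=device.example.test" 2>/dev/null
}

# SHA-256 digest of the public key held in a private-key file / a certificate.
key_pub_digest()  { openssl pkey -in "$1" -passin env:KEYPASS -pubout 2>/dev/null | openssl dgst -sha256; }
cert_pub_digest() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256; }

# check_pair DIR MIN_BITS: returns 0 only if the certificate's key is at least
# MIN_BITS long, belongs to key.pem, and the certificate has not expired.
check_pair() {
    bits=$(openssl x509 -in "$1/cert.pem" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$2" ]; then
        echo "FAIL: key size ${bits:-unknown} is below $2 bits"; return 1
    fi
    if [ "$(key_pub_digest "$1/key.pem")" != "$(cert_pub_digest "$1/cert.pem")" ]; then
        echo "FAIL: cert.pem was not issued for key.pem"; return 1
    fi
    if ! openssl x509 -in "$1/cert.pem" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; return 1
    fi
    echo "OK: $bits-bit key, matches certificate, currently valid"
}

# Stand-alone run: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    KEYPASS='constructed-demo-passphrase'; export KEYPASS
    tmp=$(mktemp -d) && make_selfsigned "$tmp" 2048 && check_pair "$tmp" 2048
    rm -rf "$tmp"
fi
```

Reading the passphrase from an environment variable avoids putting it on the command line, where it would be visible in the process list.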