A trusted certificate is one that is purchased from a trusted certificate authority (CA), such as www.verisign.com. Internet facing production applications should use a certificate from a trusted CA. For non-production applications, a self-signed certificate can be used. Applications, such as a web browser, will complain when a self-signed certificate is used.
Use apt-get or yum to install OpenSSL.
~]# apt-get install openssl
~]# yum install openssl
Private key
This assumes you've already created a private key, such as example.com.key. If not, refer to our article on creating a private key.
Certificate
Create an ECDSA certificate.
~]# openssl req -x509 -new -key /etc/pki/tls/private/ec_private.key -out /etc/pki/tls/certs/ec_certificate.crt
There will be a series of prompts.
Area | Example | Description |
---|---|---|
Password | myPassword | Password |
Country Name | US | United States |
State/Province | FL | Florida |
Locality Name | Miami | City |
Organization Name | Example, Inc. | Company name |
Organization Unit Name | Example, Inc. | Company name |
Common Name | www.example.com | Domain name |
Email Address | admin@example.com | Admin email |
View the content of the ec_certificate.crt file and ensure BEGIN CERTIFCATE is displayed.
~]# cat /etc/pki/tls/certs/certificate.crt
-----BEGIN CERTIFICATE-----