A trusted certificate is one that is purchased from a trusted certificate authority (CA), such as www.verisign.com. Internet facing production applications should use a certificate from a trusted CA. For non-production applications, a self-signed certificate can be used. Applications, such as a web browser, will complain when a self-signed certificate is used.
Use apt-get or yum to install OpenSSL.
~]# apt-get install openssl ~]# yum install openssl
This assumes you've already created a private key, such as example.com.key. If not, refer to our article on creating a private key.
Create an ECDSA certificate.
~]# openssl req -x509 -new -key /etc/pki/tls/private/ec_private.key -out /etc/pki/tls/certs/ec_certificate.crt
There will be a series of prompts.
|Country Name||US||United States|
|Organization Name||Example, Inc.||Company name|
|Organization Unit Name||Example, Inc.||Company name|
|Common Name||www.example.com||Domain name|
|Email Addressemail@example.com||Admin email|
View the content of the ec_certificate.crt file and ensure BEGIN CERTIFCATE is displayed.
~]# cat /etc/pki/tls/certs/certificate.crt -----BEGIN CERTIFICATE-----