Tag: Server Certificate

Windows: Generate CSR key with IIS7

This article used to guide you on how to generate CSR(Certificate Signing Request) key from IIS7.

1. Select Start -> Administrative Tools -> Internet Information Services (IIS) Manager or run from Windows Run with command “inetmgr”.
2. In the IIS Manager, choose your server name.
3. In your Middle panel, select Server Certificate.
4. Select on the “Create Certificate Request option” in the right panel.
5. In the Wizard, enter your information like image above.
6. Next, remain the service provider and change the bit length to at least 2048. You are advise to select 2048 and above for better security.
7. Save your certificate.

Creating SSL MySQL from Linux

SSL certificate always used to encrypted the data file and it is actually supported for database as well.

Today, I will guide you on how to create SSL for MySQL. With this article, I will use OpenSSL as an example.

Please refer to the following command line.
======================
# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem

# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
======================

# Create clean environment
shell&gt; <strong class="userinput"><code>rm -rf newcerts</code></strong>
shell&gt; <strong class="userinput"><code>mkdir newcerts &amp;&amp; cd newcerts</code></strong>

# Create CA certificate
shell&gt; <strong class="userinput"><code>openssl genrsa 2048 &gt; ca-key.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl req -new -x509 -nodes -days 1000 \</code></strong>
         <strong class="userinput"><code>-key ca-key.pem &gt; ca-cert.pem</code></strong>

# Create server certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout server-key.pem &gt; server-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in server-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; server-cert.pem</code></strong>

# Create client certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout client-key.pem &gt; client-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in client-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; client-cert.pem</code></strong>