Generating a self-signed SSL certificate

Chapter 4 Authentication : Certificate-based authentication : Example — Generate an SSL certificate in OpenSSL : Generating a self-signed SSL certificate

This procedures does not require any existing certificates.

1. At the Windows command prompt, go to the OpenSSL bin directory. If you installed to the default location this will be the following command:

cd c:\OpenSSL-Win32\bin

2. Enter the following command to generate the private key. You will be prompted to enter your PEM pass phrase. Choose something easy to remember such as fortinet.

openssl genrsa -des3 -out fgtssl.key 2048

openssl req -new -key fgtssl.key -out fgtssl.csr

openssl x509 -req -days 365 -in fgtssl.csr -signkey fgtssl.key -out fgtssl.crt

These commands:

• generate an RSA 3DES 2048-bit private key,

• generate an SSL certificate signing request, and

• sign the CSR to generate an SSL .CRT certificate file.