tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Best pratices for creating an SSL certificate


I would like to use OpenSSL to create an SSL certificate for an
Internet service and spend a bit of money to get it signed by one
of the usual certificate authorities.

Before I spend the money I would like to make sure that I create a
sensible (secure) certificate. In the past I've used something like this:

[ req ]
default_bits            = 2048
default_days            = 380
default_md              = sha1

prompt                  = no
distinguished_name      = foo_bar_distinguished_name

x509_extensions         = foo_bar_extensions

[ foo_bar_distinguished_name ]
commonName              =
stateOrProvinceName     = Some State
countryName             = UK
emailAddress            =
organizationName        = Foo Bar

[ foo_bar_extensions ]
basicConstraints        = CA:false

Are these settings safe enough? Is a stronger message digest algorithm
than SHA1 widely support? Should I switch of MD5 and how?

        Kind regards

Matthias Scheler                        

Home | Main Index | Thread Index | Old Index