4

I'm trying to make a private key for an SSL certificate on localhost using wamp64. I have downloaded the Shining Light Productions OpenSSL for Windows 64-bit and I can make a private key using sha1.

The following bit of code works (to my relief):

openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days

However, when opening the site in Chrome 50+ it informs me that the site is not secure because SHA1 has been deprecated due to its security vulnerabilities. Can I use x509 with sha256, or is there a better command?

Asa
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Mar 17 '17 at 14:02
  • ***`CN=example.com`*** is probably wrong. Hostnames always go in the *SAN*. If it's present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) – jww Mar 17 '17 at 14:03

1 Answer

7

Yes, you can use sha256. Try with -sha256 option (instead of -sha1):

openssl req -new -x509 -nodes -sha256 ....
  • 1
    This worked. I was wondering whether X509 was going to play along with the updated hash. Thanks, you earned an easy point. ;) – Asa Mar 17 '17 at 14:42
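
An added example, not part of the original question or answer: a POSIX shell sketch that creates a localhost key and a self-signed certificate signed with SHA-256, puts the hostname in the SAN as the comment above recommends, and then checks both in the result. The function names, file names, 2048-bit key size and 365-day lifetime are assumptions, and `-addext` needs OpenSSL 1.1.1 or later; the `openssl` invocations themselves are the same at a Windows prompt.

```shell
#!/bin/sh
# Added example (not from the original page). Names, key size and the
# 365-day lifetime are assumptions. Requires OpenSSL 1.1.1+ for -addext.

# Create an RSA key and a self-signed certificate signed with SHA-256.
make_localhost_cert() {
    key=$1; crt=$2
    # Unencrypted 2048-bit RSA private key
    openssl genrsa -out "$key" 2048 2>/dev/null || return 1
    # -sha256 selects the digest used for the certificate signature;
    # the hostname is listed in subjectAltName as well as in CN.
    openssl req -new -x509 -sha256 -key "$key" -out "$crt" -days 365 \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost" 2>/dev/null
}

# Print the signature algorithm recorded in the certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if the certificate is SHA-256 signed and names localhost in SAN.
check_cert() {
    [ "$(cert_sig_alg "$1")" = "sha256WithRSAEncryption" ] || return 1
    openssl x509 -in "$1" -noout -text | grep -q "DNS:localhost"
}
```

Call `make_localhost_cert private.key certificate.crt` and then `check_cert certificate.crt`; a non-zero exit from the check means the certificate is not SHA-256 signed or lacks the SAN entry.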