
Generating ECDSA Self-Signed Certificate

Image by Bethany Drouin from Pixabay
Last month I wrote an article on how to generate an RSA SSL self-signed certificate and apply it to an AWS Application Load Balancer.
At the same time I studied how to do the same with an ECDSA SSL self-signed certificate, so I'll share that as well.

How to generate Self-Signed Certificate

First, generate a private key on the prime256v1 (P-256) curve with the following command, and inspect it:
$ openssl ecparam -name prime256v1 -out server.key -genkey
$ openssl ec -in server.key -text -noout 
Next, generate a certificate signing request (CSR), which carries the public key derived from server.key, with the following command. I use the AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as the “Common Name”.
$ openssl req -new -key server.key -out server.csr
...
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:       
Organization Name (eg, company) [Default Company Ltd]:zuqqhi2
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:*.ap-northeast-1.elb.amazonaws.com
Email Address []:
...
A challenge password []:
An optional company name []:
$ openssl req -text -noout -in server.csr
You can then create the self-signed certificate from the CSR and the private key with the following command, and inspect the result:
$ openssl x509 -in server.csr -days 365 -req -signkey server.key -out server.crt
$ openssl x509 -text -noout -in server.crt

Applying Self-Signed Certificate to AWS ALB

Basically this is the same as in the article I shared. However, ACM cannot import ECDSA SSL certificates as of now, so import the ECDSA certificate with IAM instead; you can do this from the ALB HTTPS listener settings. Note that when you paste the private key during the import, copy server.key without the block between “BEGIN EC PARAMETERS” and “END EC PARAMETERS” (that is, paste only the EC PRIVATE KEY block). If you need to support both RSA and ECDSA cipher suites, please refer to the following article (sorry, it's a Japanese article; please use a translation tool).
You can confirm which cipher suite the ALB negotiates with openssl s_client, forcing an ECDSA suite and then an RSA suite:
$ openssl s_client -connect elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com:443 -servername elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com -cipher ECDHE-ECDSA-AES128-GCM-SHA256 < /dev/null | grep "Cipher"
 New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
     Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256

$ openssl s_client -connect elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com:443 -servername elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com -cipher ECDHE-RSA-AES128-GCM-SHA256 < /dev/null | grep "Cipher"
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
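The generation steps above and the IAM-import caveat (dropping the EC PARAMETERS block) as one script; this is an added example, not code from the original post. It assumes openssl is on PATH; the file names and subject values follow the post, while -subj, -sha256 and the check functions are my additions.

```shell
#!/bin/sh
# Added example, not from the original post: the procedure above made
# non-interactive, plus the IAM-import caveat. Assumes openssl is on PATH;
# the -subj values and file names follow the post, -sha256/-days are assumptions.
set -eu

CN='*.ap-northeast-1.elb.amazonaws.com'

# Private key (P-256), CSR and self-signed certificate, no prompts.
gen_ecdsa_selfsigned() {
  dir=$1
  openssl ecparam -name prime256v1 -genkey -out "$dir/server.key"
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/C=JP/ST=Tokyo/O=zuqqhi2/CN=$CN"
  openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
    -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# openssl ecparam -genkey prepends an "EC PARAMETERS" PEM block to server.key;
# the IAM import field wants only the "EC PRIVATE KEY" block, so drop it.
strip_ec_params() {
  awk '/-----BEGIN EC PARAMETERS-----/ {skip=1}
       !skip {print}
       /-----END EC PARAMETERS-----/ {skip=0}' "$1"
}

# Pre-upload checks: curve, signature algorithm, CN, and key/cert match.
check_cert() {
  dir=$1
  txt=$(openssl x509 -noout -text -in "$dir/server.crt")
  echo "$txt" | grep -q 'prime256v1' || return 1
  echo "$txt" | grep -q 'ecdsa-with-SHA256' || return 1
  openssl x509 -noout -subject -nameopt RFC2253 -in "$dir/server.crt" \
    | grep -Fq "CN=$CN" || return 1
  # The key belongs to the certificate when both yield the same public key.
  k=$(openssl ec -in "$dir/server.key" -pubout 2>/dev/null)
  c=$(openssl x509 -noout -pubkey -in "$dir/server.crt")
  [ "$k" = "$c" ]
}

# Stand-alone use: sh ecdsa-selfsigned.sh ./out
if [ $# -gt 0 ]; then
  mkdir -p "$1"
  gen_ecdsa_selfsigned "$1"
  check_cert "$1" && echo "certificate OK"
  strip_ec_params "$1/server.key" > "$1/server-iam.key"
fi
```

server-iam.key is what goes into the IAM private-key field; server.crt goes into the certificate body field.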
