Tech Tips

  1. プログラミング
  2. 33 view

Generating ECDSA Self-Signed Certificate

Bethany DrouinによるPixabayからの画像
I wrote the article how to generate RSA SSL Self-Signed Certificate and how to apply it to AWS Application Load Balancer last month.
I studied how to ECDSA SSL Self-Signed Certificate same time. So I’ll share it as well.

How to generate Self-Signed Certificate

At first, please generating a private key using the following command.
$ openssl ecparam -name prime256v1 -out server.key -genkey
$ openssl ec -in server.key -text -noout 
And then, please generate a public key with the following command. I use AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as “Common Name”.
$ openssl req -new -key server.key -out server.csr
...
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:       
Organization Name (eg, company) [Default Company Ltd]:zuqqhi2
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:*.ap-northeast-1.elb.amazonaws.com
Email Address []:
...
A challenge password []:
An optional company name []:
$ openssl req -text -noout -in server.csr
You can create Self-Signed Certificate using the following command with the private/public key.
$ openssl x509 -in server.csr -days 365 -req -signkey server.key -out server.crt
$ openssl x509 -text -noout -in server.crt

Applying Self-Signed Certificate to AWS ALB

Basically it’s same as the article as I shared. But, ACM cannot import ECDSA SSL certificate as of now. So, please import ECDSA SSL certificate with IAM. You can do it on ALB HTTPS listener setting. Note that you should copy server.key without between “BEGIN PARAMETERS” and “END EC PARAMETERS” during importing private key. If you need to support RSA and ECDSA cipher suites, please refer to the following article (sorry, it’s Japanese article. Please use any translation tool).
$ openssl s_client -connect elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com:443 -servername elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com -cipher ECDHE-ECDSA-AES128-GCM-SHA256 < /dev/null | grep "Cipher"
 New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
     Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256

$ openssl s_client -connect elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com:443 -servername elb-ecdsa-test-1-109828406.ap-northeast-1.elb.amazonaws.com -cipher ECDHE-RSA-AES128-GCM-SHA256 < /dev/null | grep "Cipher"
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
     Cipher    : ECDHE-RSA-AES128-GCM-SHA256

プログラミング recent post

  1. Solved LeetCode Problems More Than 300

  2. Generating ECDSA Self-Signed Certificate

  3. Generating SSL Self-Signed Certificate And Ap…

  4. How did I pass GCP Professional Cloud Archite…

  5. How to bring columns not GROUP BY key from ne…

関連記事

Comment

  1. No comments yet.

  1. No trackbacks yet.

PAGE TOP