# How to Generate a Self-signed Certificate for Jabberd v2+



## rtwingfield (Sep 1, 2011)

There are two  essential commands to execute, *openssl* (twice) and *cat*.  (The other operations in the following list are more or less optional, but advisable for security considerations.)


```
# cd /usr/local/etc/jabberd/.ssh [font="Arial"][I][color="Blue"]. . .or your path of choice[/color][/I][/font]

# [B]openssl[/B] req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
# [B]openssl[/B] rsa -in privkey.pem -out privkey.pem  [font="Arial"][I][color="Blue"]. . .to remove the passphrase[/color][/I][/font]
# [B]cat[/B] privkey.pem >> server.pem [font="Arial"][I][color="Blue"]. . .combine both the private key and the public certificate into a common file, [FILE]server.pem[/FILE][/color][/I][/font]

# rm privkey.pem
# chown root:jabber server.pem    
# chmod 640 server.pem
```


The first instance of the *openssl req -new*  command construct generates the private/public key pair which will be combined into a common file (arbitrarily named server.pem in this example . . .just be consistent in your jabberd component *.xml configuration files), once the passphrase is removed.  

For your information, the dialogue of the openssl req -new  construct as follows:
	
	



```
Generating a 1024 bit RSA private key
	...........................++++++
	......++++++
	writing new private key to 'privkey.pem' [font="Arial"][color="Blue"][I]. . .private key file is generated without admin. intervention, but is empty at this point.[/I][/color][/font]

	Enter (private key) PEM pass phrase:  "whatever" [font="Arial"][color="Blue"][I]. . .it will be removed anyway.[/I][/color][/font]
	Verifying - Enter PEM pass phrase:
	-----
	You are about to be asked to enter information that will be incorporated
	into your certificate request.
	What you are about to enter is what is called a Distinguished Name or a DN.
	There are quite a few fields but you can leave some blank
	For some fields there will be a default value,
	If you enter '.', the field will be left blank.
	-----
	Country Name (2 letter code) [AU]:[B]US[/B]
	State or Province Name (full name) [Some-State]:[B]Arkansas[/B]
	Locality Name (eg, city) []:[B]Little Rock[/B]
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:[B]FooBar Network Services[/B]
	Organizational Unit Name (eg, section) []:[B]IT[/B]
	Common Name (eg, YOUR name) []:[B]foobar.net[/B]
	Email Address []:[B]John.Smith@foobar.net[/B]
```



The resulting combined file (server.pem) containing the public certificate and the RSA private key stripped of the passphrase:

```
-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAKv4v1LLW1Y5MA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
[I][color="Blue"][font="Arial"]. . .nineteen additional lines[/font][/color][/I]
mtF5HGy99+Su6/+63ybyHZee6sXB4Bdqv2kh6ATAB1RDu2nVxu1I
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCr1DLAmxpHUZ2vmHGtUIzmLCdlmlS/KsJETXeikNqoJgJgVuZQ
[I][color="Blue"][font="Arial"]. . .eleven additional lines[/font][/color][/I]
AWIM4MJTj270Idvf2ZNROvnTFfDaZVsmPAQcTeZiYhE=
-----END RSA PRIVATE KEY-----
```



Before the passphrase was removed, the RSA private key (privkey.pem) looked like this: 

```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,42E29F1D1FA0E01B

+GyJe923X/+N/9v6WMS7h1qhZ3rk/dCqutWvOtv0btwbLxd1LyBuoIGau4A0RPMQ
[I][color="Blue"][font="Arial"]. . .eleven additional lines[/font][/color][/I]
PkV0tI36tBnSt689v4IfX9DLm2YQAZd1GS2MvrGOqsIib79kGLu/cw==
-----END RSA PRIVATE KEY-----
```


----------

