
How do I create 256 bit self-signed certificate key with OpenSSL?

Take a look at PayPal (https://www.paypal.com/) security certificate. It says: Connection Encrypted: High-grade Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys).

Now, how can I create my self signed certificate to have the same encryption, AES256?
I tried the following code in OpenSSL:

openssl> req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

I ended up with 128 bit certificate. Then I tried:

openssl> genrsa -aes256 -out key.key 4096
openssl> req -new -key key.key -out cert.csr
openssl> x509 -req -days 365 -in cert.csr -signkey key.key -out cert.crt
openssl> rsa -in key.key -out key.key

Even if I specified '-aes256', I ended up again with a 128 bit certificate: Connection Encrypted: High-grade Encryption (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 BIT KEYS).

So, what did I do wrong and can you tell me how to create that 256 certificate? Thanks for help!

user3284653 asked Feb 07 '14 16:02



1 Answer

CodesInChaos was right. I should have edited the configuration of the server. I added the SSLCipherSuite line in Apache config and it worked:

SSLCipherSuite AES256-SHA

user3284653 answered Sep 22 '22 14:09
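
As an added illustration (not code from the question or the answer), the Python example below reuses one self-signed RSA certificate and changes only the server's cipher list, showing that the "bits" a browser reports come from the negotiated suite and not from the certificate. It assumes the `openssl` CLI (1.1.1 or later) is on PATH; `make_self_signed` and `negotiate` are hypothetical helper names, and the demo uses the ECDHE GCM suite the question's browser negotiated plus its AES-256 counterpart.

```python
import os
import ssl
import subprocess
import tempfile


def make_self_signed(workdir, bits=4096):
    """Create a throwaway self-signed RSA certificate with the openssl CLI."""
    key, crt = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", f"rsa:{bits}", "-nodes",
         "-keyout", key, "-out", crt, "-days", "1", "-subj", "/CN=localhost",
         "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True)
    return crt, key


def negotiate(crt, key, server_ciphers):
    """Handshake in memory; return the client's (suite, protocol, secret_bits)."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(crt, key)
    # set_ciphers() only governs TLS 1.2 and below, so cap the version here.
    srv.maximum_version = ssl.TLSVersion.TLSv1_2
    srv.set_ciphers(server_ciphers)  # plays the role of Apache's SSLCipherSuite
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.load_verify_locations(crt)  # trust exactly this self-signed certificate
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cli.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = srv.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    while pending:
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # this side needs the peer's next flight first
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            data = src.read()  # move handshake records between the two ends
            if data:
                dst.write(data)
    return client.cipher()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        crt, key = make_self_signed(tmp)  # same RSA-4096 request as the question
        for suite in ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"):
            print(suite, "->", negotiate(crt, key, suite))
```

Passing the answer's `AES256-SHA` as `server_ciphers` only works if the client context is also configured to offer that suite.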