How To Generate Self Signed Certificates


Hi, x509 certificates are used widely by a lot of applications. Generating x509 certificates seem to be hard and rocket science, but it is not. We will generate a key named t1.key and then create a signing request from this key. After that to signed our request we will generate a self signed CA key and certificate. After that we will sing our request and generate ready to use certificate.

First we need a key which must be kept secret. But for the example purpose I will show you all keys in base64 format. Here we will generate rsa key which size is 2048 bit and we name it t1.key. Then we look type of the key file, after that I put key data into terminal.

This is just the key but we should generate a Certificate Sing Request CSR to the CA which is we in this example. We use t1.key as input and t1.csr as output. We also set a symmetric key to protect our certificate sign request. To use predefined parameters like Country Name etc. give openssl configuration file with -c openssl.cnf

Now The CA get our csr it will sign our csr with his private key. But in this example we are CA and we need to create a self-signed key firstly. We create CA private key named key.pem and certificate named cert.pem which will be used to authenticate the users signed certificate. The valid time range is 365 days from now. And type is commonly used x509

Now sign the csr with 365 days validity and create t1.crt. While doing this to open CA private key named key.pem we need to enter password.

You can se details of the certificate recently signed by CA

LEARN MORE  How to Use 'fuser' to Match User and Process

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)