How To Generate Self Signed X.509 Certificates with OpenSSL?

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/how-to-generate-self-signed-x-509-certificates-with-openssl/
PINTEREST
PINTEREST
INSTAGRAM

Hi, x509 certificates are used widely by a lot of applications. Generating x509 certificates seem to be hard and rocket science, but it is not. We will generate a key named t1.key and then create a signing request from this key. After that to signed our request we will generate a self signed CA key and certificate. After that we will sing our request and generate ready to use certificate.

Create 2048 Bit RSA Key

First we need a key which must be kept secret. But for the example purpose I will show you all keys in Base64 format. Here we will generate RSA key which size is 2048 bit and we name it t1.key. Then we look type of the key file, after that I put key data into terminal.

Create 2048 Bit RSA Key 
Create 2048 Bit RSA Key

Create Certificate Sign Request

This is just the key but we should generate a Certificate Sing Request CSR to the CA which is we in this example. We use t1.key as input and t1.csr as output. We also set a symmetric key to protect our certificate sign request. To use predefined parameters like Country Name etc. give OpenSSL configuration file with -c openssl.cnf

Create Certificate Sign Request
Create Certificate Sign Request

Self Sign CSR

Now The CA get our CSR it will sign our CSR with his private key. But in this example we are CA and we need to create a self-signed key firstly. We create CA private key named key.pem and certificate named cert.pem which will be used to authenticate the users signed certificate. The valid time range is 365 days from now. And type is commonly used x509

LEARN MORE  What is DHCP and How It Works?

Now sign the csr with 365 days validity and create t1.crt. While doing this to open CA private key named key.pem we need to enter password.

Print X.509 Certificate Information and Details

We can print our new sertificate information and details with the -noout and -text options like below.

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/how-to-generate-self-signed-x-509-certificates-with-openssl/
PINTEREST
PINTEREST
INSTAGRAM