How To Generate Self Signed X.509 Certificates with OpenSSL? – POFTUT

X.509 certificates are widely used by many applications. Generating X.509 certificates may seem like rocket science, but it is not. We will generate a key named t1.key and then create a signing request from this key. After that, to sign our request, we will generate a self-signed CA key and certificate. Finally, we will sign our request and produce a ready-to-use certificate.

Create 2048 Bit RSA Key

First, we need a key, which must be kept secret. For the purposes of this example, though, I will show all keys in Base64 format. Here we generate a 2048-bit RSA key and name it t1.key. Then we check the type of the key file and print the key data to the terminal. We use the -out option to specify the key file name.

Create Certificate Sign Request

So far we only have the key; next we generate a Certificate Signing Request (CSR) to send to the CA, which in this example is ourselves. We use t1.key as input and t1.csr as output. We also set a symmetric key to protect our certificate signing request. To use predefined parameters such as Country Name, pass an OpenSSL configuration file with -config openssl.cnf.

Self Sign CSR

When the CA gets our CSR, it signs it with its private key. But in this example we are the CA, so we first need to create a self-signed CA key and certificate. We create a CA private key named key.pem and a certificate named cert.pem, which will be used to authenticate the users' signed certificates. The validity period is 365 days from now, and the type is the commonly used x509.

Now sign the CSR with 365 days of validity and create t1.crt. To open the CA private key named key.pem during this step, we need to enter a password.

Print X.509 Certificate Information and Details

We can print our new certificate information and details with the -noout and -text options like below.

From the screenshot, we can see that the following information is provided.

  • Certificate Version
  • Serial Number
  • Issuer
  • Validity
  • Subject
  • Subject Public Key Info
  • Public Key Algorithm
  • Public Key
  • Modulus
  • Exponent
  • Signature Algorithm
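
The whole procedure above, from key to printed certificate, as an added shell example (not the original post's commands). It uses the page's file names; the subject names, the -subj option in place of interactive prompts, the passphrase taken from the CA_PASS environment variable, and the function names are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed CA -> signed certificate, then checks.
set -eu

# Constructed demo passphrase for the CA key; in real use, prompt for it or
# pull it from a secret store instead of hard-coding a default.
CA_PASS=${CA_PASS:-constructed-demo-passphrase}
export CA_PASS

# Constructed subjects (the page would take these from prompts or openssl.cnf).
LEAF_SUBJ='/C=US/O=Example Org/CN=t1.example.test'
CA_SUBJ='/C=US/O=Example Org/CN=Example Demo CA'

issue_demo_cert() {   # usage: issue_demo_cert DIR
    dir=$1
    mkdir -p "$dir"
    (
        cd "$dir"
        umask 077   # key files end up readable by their owner only
        # 1. 2048-bit RSA key for the certificate holder
        openssl genrsa -out t1.key 2048 2>/dev/null
        # 2. CSR built from that key
        openssl req -new -key t1.key -subj "$LEAF_SUBJ" -out t1.csr
        # 3. CA key (passphrase-protected) plus self-signed CA certificate
        openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
            -keyout key.pem -passout env:CA_PASS \
            -subj "$CA_SUBJ" -out cert.pem 2>/dev/null
        # 4. CA signs the CSR; -CAcreateserial writes the serial number file
        openssl x509 -req -in t1.csr -CA cert.pem -CAkey key.pem \
            -passin env:CA_PASS -CAcreateserial -sha256 -days 365 \
            -out t1.crt 2>/dev/null
    )
}

# True if LEAF_CERT chains to CA_CERT (signature and validity are checked).
verify_against() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True if the certificate in DIR carries the public key of DIR/t1.key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1/t1.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/t1.key" -pubout)" ]
}

cert_issuer() { openssl x509 -in "$1/t1.crt" -noout -issuer; }
show_cert()   { openssl x509 -in "$1/t1.crt" -noout -text; }

# Run as: sh script.sh ./demo-pki
if [ "$#" -gt 0 ]; then issue_demo_cert "$1"; show_cert "$1"; fi
```

Because the CA here is self-signed, anything that should trust t1.crt has to be given cert.pem explicitly, which is what the -CAfile argument in verify_against does.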
