various:how-to-create-self-signed-certificates

Differences

This shows you the differences between two versions of the page.

various:how-to-create-self-signed-certificates [2019/10/22 15:46]
Ilias Iliopoulos created
various:how-to-create-self-signed-certificates [2024/02/02 21:50] (current)
Ilias Iliopoulos
Line 17: Line 17:
 1. Any individual can create a long numeric sequence, using OpenSSL. This sequence is stored in a file, which is referred to as the ''​private key''​. This private key is never shared with anyone and is kept in a secure location, where only the administrator has permissions to access. 1. Any individual can create a long numeric sequence, using OpenSSL. This sequence is stored in a file, which is referred to as the ''​private key''​. This private key is never shared with anyone and is kept in a secure location, where only the administrator has permissions to access.
  
-2. The same individual uses the newly created private key in order to generate with OpenSSL a ''​Certificate Signing Request (CSR)''​. This is another long numeric sequence, stored in a file which usually has the extension ''​.csr''​.+2. The same individual uses the newly created private key in order to generate with OpenSSL a ''​Certificate Signing Request (CSR)''​. This is another long numeric sequence, stored in a file which usually has the extension ''​.csr''​. The extension just signifies the usage of the file. Actually the format of the file is PEM, that is why both of our key files have the ''​.pem''​ extension. This is of course just for us humans. Files can be named anyway you like.
  
 3. The individual sends the Certificate Signing Request to a trusted entity, which is known as the ''​Certificate Authority (CA)''​. The communication can take place even on a non-secure medium, because the CSR has been generated by the private key, but the private key still remains at the sole ownership of its creator. 3. The individual sends the Certificate Signing Request to a trusted entity, which is known as the ''​Certificate Authority (CA)''​. The communication can take place even on a non-secure medium, because the CSR has been generated by the private key, but the private key still remains at the sole ownership of its creator.
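Review bot: The sentence added to item 2 says "that is why both of our key files have the .pem extension", but at this point in the page no key files have been named yet (CAkey.pem and serverkey.pem are only introduced in Steps 1 and 2), so the reader cannot tell which files are meant. Suggest naming the files here or moving the remark to the step where they are created. Also "named anyway you like" should read "named any way you like".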
Line 39: Line 39:
 </​code>​ </​code>​
  
-We have therefore created **CAkey.pem** which is the private key of our CA and **CAcert.pem** which is the public key of our CA.+We have therefore created ​files **CAkey.pem** which is the private key of our CA and **CAcert.pem** which is the public key of our CA.
  
-Each CSR that is signed by the CA contains a serial number. The CA maintains in its memory the next serial number. We shall use file **serial.txt** to keep track of this number.+Each CSR that is signed by the CA contains a serial number. The CA maintains in its memory the next serial number. We shall use file **file.srl** to keep track of this number.
  
 <​code>​ <​code>​
-$ echo '​01'​ > serial.txt +$ echo '​01'​ > file.srl 
 </​code>​ </​code>​
 +
 +This step needs to be performed only once, before creating our first certificate. To create additional certificates,​ we shall start with Step 2.
  
 ==== Step 2: Generate the private key and the CSR ==== ==== Step 2: Generate the private key and the CSR ====
  
-Now, we resume our identity as the individual who wishes to create its digital certificates. First, generate the private key:+Now, we resume our identity as the individual who wishes to create its digital certificates. First, generate the private key. In our example, we are creating a key for a server, so we decide to call the file **serverkey.pem**:
  
 <​code>​ <​code>​
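Review bot: The reworded sentence about the Step 1 output still describes CAcert.pem as "the public key of our CA", but a certificate file is not the bare public key: it carries the public key together with the subject, issuer, validity period and signature. Suggest "CAcert.pem which is the certificate of our CA (it contains the CA's public key)". Separately, the serial file is renamed from serial.txt to file.srl in both the prose and the echo command; the signing command in Step 3 is outside this diff, so confirm it points at file.srl as well, otherwise the serial counter created here is never used.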
Line 63: Line 65:
 </​code>​ </​code>​
  
-This will create the CSR in file **servercert.csr**.+This will create the CSR in file **servercert.csr**. With parameter ''​-nodes''​ we make sure that the certificate will not be encoded and a password will not be required to open it.
  
 We could also create private key and CSR with one command: ​ We could also create private key and CSR with one command: ​
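Review bot: The sentence added after "This will create the CSR in file servercert.csr" says -nodes ensures "the certificate will not be encoded", but -nodes concerns the private key, not the certificate or the CSR, and the property is encryption rather than encoding: it makes openssl req write the private key without passphrase protection. Suggest "With parameter -nodes the private key is written unencrypted, so no passphrase is required to use it", and note that such a key is protected only by its file permissions, which is the condition item 1 of the introduction already sets for the private key.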
Line 95: Line 97:
  
 ===== Conclusion ===== ===== Conclusion =====
-Going through the above steps, we have created our own Certificate Authority and we have created our private and public ​key. If we need additional certificates for more applications or servers, we can go through Steps 2 and 3 as many times as we like. +Going through the above steps, we have created our own Certificate Authority and we have created our own self-signed ​private and public ​keys. If we need additional certificates for more applications or servers, we can go through Steps 2 and 3 as many times as we like.
  
 +~~DISQUS~~
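Review bot: In the reworded conclusion, "our own self-signed private and public keys" mixes up the terms: keys are not signed, certificates are, and the page itself says each CSR is signed by the CA, so the certificate issued in Step 3 is CA-signed rather than self-signed. Suggest "we have created our own Certificate Authority and, for our server, a private key and a certificate signed by that CA".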
various/how-to-create-self-signed-certificates.1571748366.txt.gz · Last modified: 2019/10/22 15:46 by Ilias Iliopoulos