various:how-to-create-self-signed-certificates

Differences

This shows you the differences between two versions of the page.

various:how-to-create-self-signed-certificates [2019/10/22 19:41]
Ilias Iliopoulos [Step 2: Generate the private key and the CSR]
various:how-to-create-self-signed-certificates [2024/02/02 21:50] (current)
Ilias Iliopoulos
Line 17: Line 17:
 1. Any individual can create a long numeric sequence, using OpenSSL. This sequence is stored in a file, which is referred to as the ''​private key''​. This private key is never shared with anyone and is kept in a secure location, where only the administrator has permissions to access. 1. Any individual can create a long numeric sequence, using OpenSSL. This sequence is stored in a file, which is referred to as the ''​private key''​. This private key is never shared with anyone and is kept in a secure location, where only the administrator has permissions to access.
  
-2. The same individual uses the newly created private key in order to generate with OpenSSL a ''​Certificate Signing Request (CSR)''​. This is another long numeric sequence, stored in a file which usually has the extension ''​.csr''​.+2. The same individual uses the newly created private key in order to generate with OpenSSL a ''​Certificate Signing Request (CSR)''​. This is another long numeric sequence, stored in a file which usually has the extension ''​.csr''​. The extension just signifies the usage of the file. Actually the format of the file is PEM, that is why both of our key files have the ''​.pem''​ extension. This is of course just for us humans. Files can be named anyway you like.
  
 3. The individual sends the Certificate Signing Request to a trusted entity, which is known as the ''​Certificate Authority (CA)''​. The communication can take place even on a non-secure medium, because the CSR has been generated by the private key, but the private key still remains at the sole ownership of its creator. 3. The individual sends the Certificate Signing Request to a trusted entity, which is known as the ''​Certificate Authority (CA)''​. The communication can take place even on a non-secure medium, because the CSR has been generated by the private key, but the private key still remains at the sole ownership of its creator.
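Review bot: the sentence added to item 2, "that is why both of our key files have the .pem extension", points at files this overview has not introduced yet, and it sits in a paragraph about the CSR rather than about keys. Name the files meant, or move the remark to the step where they are created. PEM is the encoding rather than the content type, so it is clearer to say the CSR is PEM-encoded and that the .csr extension only marks its purpose. "Files can be named anyway you like" should read "any way you like".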
Line 39: Line 39:
 </​code>​ </​code>​
  
-We have therefore created **CAkey.pem** which is the private key of our CA and **CAcert.pem** which is the public key of our CA.+We have therefore created ​files **CAkey.pem** which is the private key of our CA and **CAcert.pem** which is the public key of our CA.
  
-Each CSR that is signed by the CA contains a serial number. The CA maintains in its memory the next serial number. We shall use file **serial.txt** to keep track of this number.+Each CSR that is signed by the CA contains a serial number. The CA maintains in its memory the next serial number. We shall use file **file.srl** to keep track of this number.
  
 <​code>​ <​code>​
-$ echo '​01'​ > serial.txt +$ echo '​01'​ > file.srl 
 </​code>​ </​code>​
  
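Review bot: the rename from serial.txt to file.srl in the echo line only holds if the signing command in Step 3, which this diff does not show, reads the same file, so check that no reference to serial.txt is left elsewhere on the page. A name tied to the CA (for example CAcert.srl) would say more than file.srl. Two wording points on the touched lines: CAcert.pem is the CA's certificate, which contains the public key, rather than "the public key of our CA", and it is the certificate issued from a CSR that carries the serial number, not the CSR itself.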
Line 97: Line 97:
  
 ===== Conclusion ===== ===== Conclusion =====
-Going through the above steps, we have created our own Certificate Authority and we have created our private and public ​key. If we need additional certificates for more applications or servers, we can go through Steps 2 and 3 as many times as we like. +Going through the above steps, we have created our own Certificate Authority and we have created our own self-signed ​private and public ​keys. If we need additional certificates for more applications or servers, we can go through Steps 2 and 3 as many times as we like.
  
 +~~DISQUS~~
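Review bot: in the Conclusion, "our own self-signed private and public keys" attaches "self-signed" to the keys, but keys are not signed; certificates are. Going by the steps listed in the overview, only the CA certificate is self-signed, while the certificates produced by Steps 2 and 3 are signed by that CA, so something like "a private key and a certificate signed by our own CA" matches the procedure. The added ~~DISQUS~~ line enables a third-party comment widget on the page and deserves a mention in the edit summary.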
various/how-to-create-self-signed-certificates.1571762487.txt.gz · Last modified: 2019/10/22 19:41 by Ilias Iliopoulos