SSL Certificate is the digital certificate which authenticates the website and enables the secure communication between client( or browser) and website or server. SSL certificate contains the public key of the website and other identify information about website. SSL certificate is the digital certificate and it is also known as public key certificate or identity certificate since it acts as the electronic document to validate the authenticity of the public key
In asymmetric key
Generate Self-Signed Certificate
First we need to private key. Generate the RSA private key using the command as follows
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out cakey_private.pemUsing the key created, generate self signed certificate
openssl req -new -x509 -key cakey_private.pem -out cacert.pem -days 1024You will be prompted to enter the details,
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:US State or Province Name (full name) []:New Hampshire Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, fully qualified host name) []:exmaple.com Email Address []:user@example.com
Above single command can be written into 3 different commands by generating intermediate CSR (Certificate Signing Request)
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 1024 -in csr.pem -signkey key.pem -out cert.pemCommand to create key along with CSR
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csrIf required, public key can be extracted from generated private key as follows
openssl pkey -in private.pem -out pubkey.pem -puboutVerify the Certificate against CA Certificate
openssl verify -CAfile cert-ca.crt cert-website.pemGet the verbose output
openssl verify -verbose -CAfile cert-ca.crt cert-wesite.pem.
Leave a Reply