An SSL certificate is a digital certificate that authenticates a website and enables secure communication between the client (or browser) and the website or server. It contains the website's public key and other identifying information about the website. It is also known as a public key certificate or identity certificate, since it acts as an electronic document that validates the authenticity of the public key.
In asymmetric key
Generate Self-Signed Certificate
First we need a private key. Generate the RSA private key using the following command:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out cakey_private.pem
Using the key just created, generate a self-signed certificate:
openssl req -new -x509 -key cakey_private.pem -out cacert.pem -days 1024
You will be prompted to enter the details:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:New Hampshire
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:exmaple.com
Email Address []:user@example.com
The single command above can be split into three separate commands by generating an intermediate CSR (Certificate Signing Request):
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 1024 -in csr.pem -signkey key.pem -out cert.pem
Command to create a key along with a CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr
If required, the public key can be extracted from the generated private key as follows:
openssl pkey -in private.pem -out pubkey.pem -pubout
Verify the Certificate against CA Certificate
openssl verify -CAfile cert-ca.crt cert-website.pem
Get the verbose output
openssl verify -verbose -CAfile cert-ca.crt cert-website.pem
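The generate and verify steps above, tied together as a non-interactive script (an added example, not part of the original page). It goes one step beyond the page by signing a CSR with the CA key (`openssl x509 -req -CA ... -CAkey ...`), so that `openssl verify -CAfile` has a CA-issued certificate to accept and a wrong CA to reject. The function names, file names and subjects are made up for the example.

```shell
#!/bin/sh
# Added example: constructed names and subjects, throwaway keys in a temp dir.

# make_ca DIR NAME: RSA key plus self-signed certificate, no prompts (-subj).
make_ca() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2_key.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2_key.pem" -out "$1/$2_cert.pem" \
        -days 30 -subj "/C=US/O=Example/CN=$2"
}

# issue_cert DIR CA NAME: key + CSR for NAME, then sign the CSR with CA's key.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$3.key" \
        -out "$1/$3.csr" -subj "/C=US/CN=$3" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$1/$3.csr" -CA "$1/$2_cert.pem" \
        -CAkey "$1/$2_key.pem" -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: succeeds only if CERT verifies against CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches KEY CERT: succeeds if CERT carries the public half of KEY.
key_matches() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Two unrelated CAs; the site certificate is issued by ca_a only.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca_a && make_ca "$d" ca_b &&
        issue_cert "$d" ca_a site.example || return 1
    chain_ok "$d/ca_a_cert.pem" "$d/site.example.pem" && echo "site cert verifies under ca_a"
    chain_ok "$d/ca_b_cert.pem" "$d/site.example.pem" || echo "site cert rejected under ca_b"
    key_matches "$d/site.example.key" "$d/site.example.pem" && echo "private key matches cert"
    rm -rf "$d"
}
demo
```

Comparing the two public-key PEM outputs is a quick way to confirm that a key file and a certificate belong together before deploying them.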