This content originally appeared on DEV Community and was authored by Thomas K
This article covers how to create a self-signed certificate using OpenSSL.
- Self-signed certificates can be useful during software development, or for deployment of a web application to a low-risk internal network.
- Self-signed certificates should not be used for publicly facing servers.
Create a Self-Signed Cert and Private Key
-
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out public.crt-
reqspecifies that we want to use X.509 Certificate Signing Request (CSR) Management. -
-x509specifies that we want to output a self signed certificate instead of a certificate request. -
-nodestells OpenSSL not to encrypt the private key. This is important because the server will need to read it without user interaction. -
-days 365specifies the number of days to certify the certificate. In this example, we specify365days. -
-newkey rsa:2048creates a new certificate and new private key. In this example, we specify an RSA key of2048bits. -
-keyoutspecifies the filename to write the private key to. -
-outspecifies the filename to write the certificate to.
-
View the Private Key
-
openssl rsa -noout -text -in private.key- The
rsacommand processes RSA keys. -
-nooutprevents output of the encoded version. -
-textprints out the various public or private key components in plain text in addition to the encoded version. -
-inspecifies the input filename to read a key from.
- The
View the Public Certificate
-
openssl x509 -noout -text -in public.crt- The
x509command is used to display certificate information. -
-nooutprevents output of the encoded version. -
-textprints out the certificate in text form. -
-inspecifies the input filename to read a certificate from.
- The
Check Compatibility
- OpenSSL stores a
modulusin both the private key and public certificate. -
We can check compatibility of the pair by comparing the the MD5 checksums of each
modulus.openssl x509 -noout -modulus -in public.crt | openssl md5 > public.md5 openssl rsa -noout -modulus -in private.key | openssl md5 > private.md5 diff public.md5 private.md5 If there are any differences in the md5 hashes, then the public cert and private key are not compatible.
Resources
- https://linux.die.net/man/1/req
- https://linux.die.net/man/1/x509
- https://linux.die.net/man/1/rsa
- https://www.openssl.org/docs/
This content originally appeared on DEV Community and was authored by Thomas K
Print
Share
Comment
Cite
Upload
Translate
Updates
There are no updates yet.
Click the Upload button above to add an update.
APA
MLA
Thomas K | Sciencx (2022-04-09T03:07:18+00:00) Create a Self-Signed Certificate Using OpenSSL. Retrieved from https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/
" » Create a Self-Signed Certificate Using OpenSSL." Thomas K | Sciencx - Saturday April 9, 2022, https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/
HARVARDThomas K | Sciencx Saturday April 9, 2022 » Create a Self-Signed Certificate Using OpenSSL., viewed ,<https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/>
VANCOUVERThomas K | Sciencx - » Create a Self-Signed Certificate Using OpenSSL. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/
CHICAGO" » Create a Self-Signed Certificate Using OpenSSL." Thomas K | Sciencx - Accessed . https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/
IEEE" » Create a Self-Signed Certificate Using OpenSSL." Thomas K | Sciencx [Online]. Available: https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/. [Accessed: ]
rf:citation » Create a Self-Signed Certificate Using OpenSSL | Thomas K | Sciencx | https://www.scien.cx/2022/04/09/create-a-self-signed-certificate-using-openssl/ |
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.