Code2care : TechZone Apps & Tutorials

How to Generate Self-Signed OpenSSL certificate in three easy steps

To create a Self Signed Certificate you need to have OpenSSL tool installed on your Computer.

I have XAMPP installed on my Mac OS X which has a openssl tool, so i will be using it to create an OpenSSL certificate,

Step 1 : Generating a Private Key

    Open the openssl tool using Terminal/Command Prompt

    We create an Private Key that has a 1024 RSA key with a Triple DES encryption. This key is stored as PEM (Privacy Enhanced Email) format which contains ASCII text hence you can read it with a text editor too.

    OpenSSL> genrsa -des3 -out mySSL.key 1024
    Generating RSA private key, 1024 bit long modulus .............++++++
    e is 65537 (0x10001)
    Enter pass phrase for mySSL.key:
    Verifying - Enter pass phrase for mySSL.key:

Step 2 : Generating CSR Request (Certificate Signing Request)

    In Step 1 we created a Private Key, now we need to generate a Certificate Signing Request.

    Its a request that is send to the Certificate Authority (CA) like Verisign who verify the identify of the organization who is requesting the Certificate and issues a signed Certificate.

    But as we are going to do a Self Signing we do not require a CA, lets see how it is done,

    When we run the command for CSR we will be prompted with questions that need to be addressed, these are called as X.509 attributes of a Certificate. You will be prompted to fill the following,

    Country Name in ISO format
    Full State or Province Name
    Locality Name i.e your City
    Organization Name
    Organizational Unit Name
    Common Name
    Email Address

    OpenSSL> req -new -key server.key -out server.cs
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.

    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:New York
    Locality Name (eg, city) []:New York
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Code2care Tech
    Organizational Unit Name (eg, section) []:IT
    Common Name (e.g. server FQDN or YOUR name) []:Code2care
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:yourpassword
    An optional company name []:c2c

Step 3 : Generating Self Signed Certificate

    Now we will request for a Self signed certificate, for this we need to provide the number of days that this certificate is valid. Once you run this command the certificate file will be generated (for me the location of the file is under XAMPP/etc/ssl.crt/server.crt)

    OpenSSL>x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=US/ST=New York/L=New York/O=Code2care Tech/OU=I T/CN=Code2care/ emailAddress= [email protected]
    Getting Private key
    Enter pass phrase for server.key:


Posts related to ssl.

1. How to Generate Self-Signed OpenSSL certificate in three easy steps

Popular tags
x 175
x 29
x 20
x 14
x 14
x 14
x 13
x 11

1000+ C Programs     PHP Tutorial     JSON Tutorial     Swift Tutorial     India Pinocdes     About Us     Privacy Policy

Code2care © 2012-17