How to Generate Self-Signed OpenSSL certificate in three easy steps


To create a Self Signed Certificate you need to have an OpenSSL tool installed on your computer. I have XAMPP installed on my Mac OS X which has an OpenSSL tool, so I will be using it to create an OpenSSL certificate,

Step 1 : Generating a Private Key

Open the OpenSSL tool using Terminal/Command Prompt

We create a Private Key that has a 1024 RSA key with Triple-DES encryption. This key is stored as PEM (Privacy Enhanced Email) format which contains ASCII text hence you can read it with a text editor too.

OpenSSL> genrsa -des3 -out mySSL.key 1024
Generating RSA private key, 1024 bit long modulus .............++++++
........++++++
e is 65537 (0x10001)
Enter passphrase for mySSL.key:
Verifying - Enter pass phrase for mySSL.key:
OpenSSL>

Step 2 : Generating CSR Request (Certificate Signing Request)

In Step 1 we created a Private Key, now we need to generate a Certificate Signing Request.

Its a request that is sent to the Certificate Authority (CA) like Verisign who verify the identity of the organization who is requesting the certificate and issues a signed Certificate.

But as we are going to do a Self Signing we do not require a CA, let's see how it is done,

When we run the command for CSR we will be prompted with questions that need to be addressed, these are called as X.509 attributes of a Certificate. You will be prompted to fill the following,

Country Name in ISO format
Full State or Province Name
Locality Name i.e your City
Organization Name
Organizational Unit Name
Common Name
Email Address
OpenSSL> req -new -key server.key -out server.cs
Enter passphrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Code2care Tech
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:Code2care
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: your password
An optional company name []:c2c

Step 3 : Generating Self Signed Certificate

Now we will request a Self-signed certificate, for this we need to provide the number of days that this certificate is valid. Once you run this command the certificate file will be generated (for me the location of the file is under XAMPP/etc/ssl.crt/server.crt)

OpenSSL>x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=US/ST=New York/L=New York/O=Code2care Tech/OU=I T/CN=Code2care/ emailAddress= [email protected]
Getting Private key
Enter pass phrase for server.key:
OpenSSL>