Creating Self-Signed Certificates or Certificate Service Request with OpenSSL

Creating Self-Signed Certificates or Certificate Service Request with OpenSSL

Creating Certificates with OpenSSL

OpenSSL

One of the most versatile SSL tools is OpenSSL which is an open source implementation of the SSL protocol. There are versions of OpenSSL for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. However, it also has hundreds of different functions that allow you to view the details of a CSR or certificate, compare an MD5 hash of the certificate and private key (to make sure they match), verify that a certificate is installed properly on any website, and convert the certificate to a different format. A compiled version of OpenSSL for Windows can be found attached below.

Place the unzipped folder on the C: drive. Then open a command prompt and type CD C:\openssl-1.0.2h-x64_86-win64

 

Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

 

Generate a self-signed certificate

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

 

Generate a certificate signing request (CSR) for an existing private key

openssl req -out CSR.csr -key privateKey.key -new

 

Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

 

Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

 

Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

 

Check a private key

openssl rsa -in privateKey.key -check

 

Check a certificate

openssl x509 -in certificate.crt -text -noout

 

Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

 

 

 

Attachments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: