How to create self signed SSL certificate using OpenSSL

Captions
Hello and welcome back to my channel. Today I'm gonna show you how to create a self-signed SSL certificate. So what do I mean by self-signed certificate? All right, so go to google.com and you see here https, so that means it's a secure website. Every https website has an associated certificate, an SSL certificate. You go here and check for yourself what that is. So the certificate information is here, and who is it issued to? It is issued to google.com and issued by GTS CA. So this is what I'm talking about, the topic for today. Instead of going to a CA for a certificate, we can create ourselves our own self-signed certificate, right? For production grade, obviously, you have to consult the CA, that is, the certification authority, and for testing purposes you can create your own certificate.

All right, so issued by GTS CA 1O1. Google is obviously a big company and they have their own certification authority. So let's check what GTS is. GTS is nothing but Google Trust Services, right? So let's check for, I mean, wikipedia.org. So here, see, it is issued to wikipedia.org and issued by DigiCert. So this is a third-party CA which Wikipedia is using, I mean, they're consulting this authority to get the SSL certificate.

So I'm gonna show how to create our own self-signed certificate. We're going to use a simple openssl command, and these are the major steps here. I have listed down all the commands required for creating a self-signed certificate. The first one: you have to act as a CA, so for that you need a certificate. First you will create a certificate to be considered as a CA, right? So that's the first step. The second step is to request a server certification signing request to this CA, right? So assume that you have a web application or web server, right? From there you are going to request a signing request to this CA, that means, that is yourself. And the third step is to sign this server certificate signing request with this CA certificate and give it to this server. So these are the steps in summary. Let's see them one by one.

Okay, I have listed down the commands here. So this is the first step, to create a CA certificate. Let me execute this as is, right? Before testing, make sure that you are in an empty folder, right? I have a script, I'm going to explain that as well. So make sure that you are in an empty folder, because I'm deleting, I mean, you should not interfere with existing certificates. So to test you should have a test folder. I don't have anything in this folder. I'm going to execute this first command. So this is openssl request of type, uh, this is the current type here, I mean, supplying, and then new key of type RSA and 4096 bit encrypted, the validity, and the key file and certificate file, right? These are the basic information we're going to provide.

Okay, so you need to enter a passphrase. This is to make sure that our CA key is protected. All right, so now it is asking for the DN, the distinguished name. This is nothing but the issuer details. So here, right, we had this issuer, so this information you need to key in now, basically, right? So let me provide the basic information: the country name, for me it's India, and state, city and organization name. So think that you are a CA authority, so I say "My CA", that means I'm a CA, a certification authority, right? So again I'll keep saying "My CA". Common name, this is an organization, right, *.myca.com, so this is the domain which will be issuing your certificate. Email address, test@myca.com.

All right, so the certificate is created. Let me examine those, right? So I have a CA key and a CA cert. Let's cat and see what is in them. Okay, so notice here it is an encrypted private key; because we entered the passphrase, it is encrypted. Okay, so this is the actual CA certificate. There is a method to check the content in a human-readable form, so for that we're going to use this command. So this is the human-readable format, and the certificate I'm going to pass. So this is in human-readable form: the version, the serial number (every certificate will have a serial number, and this is a hex value), and the signature algorithm, SHA-256, and this is the issuer, so it's me, all right? So here also you can see the same value. If it is a production grade certificate, it will be an actual certification authority, like for example GTS for Google.

All right, so we have this CA certificate created. The first step is done, right? Now the second step: we need to create a signing request. So this is the command for that. The command is request, new key. Note that I'm not gonna give this, because this is a request and this is not a certificate, so this is actually for trusted type certificates. So I'm just gonna request a signing, I mean, send a signing request to the CA server. So this command I'm gonna use as is: openssl request of type new key. And notice here it's server key and server request, it's not a certificate. Again it's asking for a passphrase to encrypt the server key.

All right, so now it is asking me for the DN, the distinguished name. Okay, now I'm gonna slightly change the company, because here I'm an individual, I have a web server, and for that server I'm requesting a CA certificate. Let me put it like this. Okay, I don't think it will work, let me see. Okay, I'll say "My App", because this is a website, right? Okay, name same. Okay, this is the domain where I will be applying my certificate, it should be *.myapp.com. test@myapp.com. Okay, it's asking for some additional thing, I am not sure about this, let me give some basic stuff.

Okay, so now the signing requests are created. Let's just examine the content. So these two are the newly created signing request and signing keys. All right, so let's cat this key first. Okay, this is again the same encrypted private key, and this is a request, not a certificate, right? So this is actually a request, not a certificate, you can notice here.

Okay, we have completed these two steps: one, SSL, I mean, CA certificate creation, and creating a request. Now the third step, signing the CA certificate. So I'm gonna use this CA certificate to sign, I'm gonna act as a CA using these certificates. Okay, so this is the command: openssl again, and because I'm using this for a certificate, I'm gonna use x509, request, in. So I'm gonna input the request which I have created in this command, right? So this is the input file. And notice here, CA: I'm going to use the CA which I have created in this step. In production grade this should be done by a CA, and they will have their own certificate and CA key. The CA is nothing but this one, right? So the CA is identified by these two things, the CA certificate and the CA key, all right? And this one, CAcreateserial: every certificate, I mean, the signed certificate will have a serial key, as I showed above, and I'm gonna show that again, right? So the out is server signed certificate .pem.

So let's execute this. Make sure that you provide the input value which is created from step number two. openssl request to sign, fulfilling the signing request. Yeah, okay, see here, "getting CA private key". This is the key which you have mentioned initially during this step, right? This is verification, not a new encryption. So enter the passphrase for CA key .pem. This key is encrypted, and it needs that decryption key. Okay, that's done.

So let us see if the signed certificate is available or not. Yeah, server signed certificate, this is the name I had given, and this is the file. Notice there is a new file here, CA cert .srl, so this is the serial value of this certificate, right? Notice here, you can find it in this certificate as well, right? So let's examine that certificate, what the content is in a human-readable form. Okay, so it's server signed cert .pem, yeah, server signed cert .pem. Okay, version one, serial number so and so, so this serial number and the one I showed should match, and the signature type, SHA-256, issuer, that's me, right. Again, issuer same.

Notice here it is valid for one month, 30 days, right? Did I mention that? No, I didn't mention it; by default it's 30 days. So you can actually put days equal to however many you want. Let me try that. So first remove this. Okay, normally it won't be 365, but 60 days. I'll generate a new file, cert dot one, okay, for verification. Yeah, I have created this new one. let's make some and this, okay. So September to November, so this is 60 days. So that way you can manipulate your signed certificates.

So that's all, folks. In summary, I have shown you how to create a self-signed SSL certificate for a test environment. Remember, it's for a test environment, right? So these are the steps in summary: create a CA to act yourself as a CA, create a signing request from the server to the CA, and the CA will sign using its CA certificate and send it back to you. So that's the process to create a self-signed SSL certificate. Thanks for watching. In the next video I'll come up with some other interesting topic. See you later.
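The three steps summarized in the captions, written out as an added example; this is not the script shown in the video, whose exact commands do not appear in the captions. Assumptions: the file names, the 365-day CA validity and the `DEMO_PASS` passphrase are constructed, `-subj` and `-passout`/`-passin` replace the interactive prompts, and the `subjectAltName` extension goes beyond what the video does, because current browsers match the host name against SAN rather than the common name.

```sh
#!/bin/sh
# Added example, test environments only. File names and DEMO_PASS are
# constructed values; the subjects follow the ones typed in the video.
BITS="${BITS:-4096}"
DEMO_PASS="${DEMO_PASS:-test-only-passphrase}"
export DEMO_PASS   # read by openssl via env:, so it stays off the command line

make_test_certs() (
    mkdir -p "$1" && cd "$1" || exit 1

    # Step 1: self-signed CA certificate plus passphrase-encrypted CA key.
    openssl req -x509 -newkey "rsa:$BITS" -days 365 \
        -keyout ca-key.pem -out ca-cert.pem -passout env:DEMO_PASS \
        -subj "/C=IN/O=My CA/CN=*.myca.com" || exit 1

    # Step 2: server key and signing request (no -x509, so a CSR comes out).
    openssl req -newkey "rsa:$BITS" \
        -keyout server-key.pem -out server-req.pem -passout env:DEMO_PASS \
        -subj "/C=IN/O=My App/CN=*.myapp.com" || exit 1

    # Not in the video: SAN entries to be placed in the signed certificate.
    printf 'subjectAltName=DNS:*.myapp.com,DNS:myapp.com\n' > server-ext.cnf

    # Step 3: the CA signs the request; -days overrides the 30-day default.
    openssl x509 -req -in server-req.pem -days 60 \
        -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial \
        -passin env:DEMO_PASS -extfile server-ext.cnf \
        -out server-signed-cert.pem || exit 1

    chmod 600 ca-key.pem server-key.pem
    # Prints "server-signed-cert.pem: OK" when the chain checks out.
    openssl verify -CAfile ca-cert.pem server-signed-cert.pem
)

# Run as: sh make-test-certs.sh ./empty-test-folder
if [ -n "${1:-}" ]; then make_test_certs "$1"; fi
```

A client trusts the server certificate only after `ca-cert.pem` is imported into its trust store; the CA key and passphrase stay on the machine that does the signing.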
Info
Channel: Krishna S
Views: 7,917
Keywords: MS office, Excel, Spellnumber, advanced, excel, learning, ssl, self signed certificate, certificate CA, trusted certificate, openssl
Id: c-LEHJy5g8Y
Length: 14min 47sec (887 seconds)
Published: Sun Sep 06 2020