31 July 2005

OpenSSL: Creating Digital Certificate Tutorial

This is a HOWTO for creating a digital certificate with OpenSSL.
First, install OpenSSL on your PC and add its bin directory to your executable path.

Create your Own CA
Then create a directory to be your CA directory (let's call it demoCA).
Now create the following three directories in demoCA (requests, certs, and keys) and the following two files (database.txt and serial.txt). Open serial.txt and write 01 in it. Also don't forget to copy the file openssl.conf there. The commands below use paths relative to demoCA, so run them from inside it.
Now you need to create your CA key:
"openssl genrsa -des3 -out keys/ca.key 1024"
Create a master certificate based on this key, to use when signing other certificates:
"openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer"

Create the Digital Certificate
Generate a private key for the certificate:
"openssl genrsa -des3 -out keys/foo-key.pem 2048"
Create a certificate request:
"openssl req -new -key keys/foo-key.pem -out requests/foo-req.csr"
Sign the certificate request with the CA:
"openssl ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/foo-req.csr -keyfile keys/ca.key -days 3650 -out certs/foo-cert.cer"
Convert the certificate format to x509 to be used by Windows Internet Explorer:
"openssl x509 -in certs/foo-cert.cer -out certs/foo-cert-509.cer"

Note 1: Windows users should replace all "/" with "\".
Note 2: You can get openssl.conf from anywhere; just google for it.
Note: This is how to use a self-signed certificate on a Netscreen firewall.
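
The whole procedure above as one unattended script, with a minimal openssl.conf written inline instead of a downloaded one, ending in a check that the issued certificate chains to the CA. This is an added example, not the author's code: the config section names, subject names and the DEMO_PASS variable are constructed, and the CA key is 2048-bit rather than 1024-bit because 1024-bit RSA is below current minimum key sizes.

```shell
#!/bin/sh
# Added example: the tutorial's steps, unattended, inside the directory given as $1.
# Subject names, the passphrase and the config contents are constructed.
build_demo_ca() (
    cd "$1" || exit 1
    export DEMO_PASS='constructed-demo-passphrase'   # stands in for the interactive prompt
    mkdir -p requests certs keys || exit 1
    : > database.txt                                  # empty index of issued certificates
    echo 01 > serial.txt                              # next serial number, in hex
    cat > openssl.conf <<'EOF' || exit 1
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = database.txt
serial = serial.txt
new_certs_dir = certs
default_md = sha256
[ policy_anything ]
countryName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # CA key (2048-bit here) and self-signed CA certificate
    openssl genrsa -des3 -passout env:DEMO_PASS -out keys/ca.key 2048 || exit 1
    openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key \
        -passin env:DEMO_PASS -subj "/CN=Demo CA" -out certs/ca.cer || exit 1
    # Leaf key, certificate request, and signing by the CA
    openssl genrsa -des3 -passout env:DEMO_PASS -out keys/foo-key.pem 2048 || exit 1
    openssl req -config openssl.conf -new -key keys/foo-key.pem \
        -passin env:DEMO_PASS -subj "/CN=foo.example.test" -out requests/foo-req.csr || exit 1
    openssl ca -batch -policy policy_anything -config openssl.conf -cert certs/ca.cer \
        -in requests/foo-req.csr -keyfile keys/ca.key -passin env:DEMO_PASS \
        -days 3650 -out certs/foo-cert.cer || exit 1
    # openssl ca writes a text dump before the PEM block; x509 rewrites it as PEM only
    openssl x509 -in certs/foo-cert.cer -out certs/foo-cert-509.cer || exit 1
    # Check: the leaf must chain to the CA, and the CA state files must have advanced
    openssl verify -CAfile certs/ca.cer certs/foo-cert-509.cer || exit 1
    [ "$(cat serial.txt)" = 02 ] && grep -q 'CN=foo.example.test' database.txt
)

demo_dir=$(mktemp -d) && build_demo_ca "$demo_dir" && echo "chain verified in $demo_dir"
```

With the tutorial's validity values the issued certificate (3650 days) outlives the CA certificate (1001 days), so verification will start failing once the CA certificate expires.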



  1. Very helpful article, I was always curious about all these complex algorithms that are being used in these SSL encryptions.