Create and sign certs with OpenSSL

Подписаться 1,2 тыс.

Просмотров 54 тыс.

50% 1

In this video, I talk about how to create and sign certs with OpenSSL (and convert them to PFX for Windows). This came out of my complete inability to ever remember how to do any of this, so I created a cheat sheet and then recorded this video off of it.
Cheat sheet below:
Self-signed
Generate a new private key:
openssl genrsa -out blah.key 4096
Create a self-signed cert from the private key:
openssl req -x509 -key blah.key -out blah.pub -days 365
Verify the certificate:
openssl x509 -noout -text -in blah.pub
Do all of the above in a single command:
openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 365 -nodes
Convert to pfx:
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.pfx
Using a key to sign another:
Generate a new private key
Create a CSR from the private key:
openssl req -new -key blah.key -out signable.csr
Do both in the same step:
openssl req -newkey rsa:4096 -out signable.csr -keyout signable.key -nodes
Sign the CSR with the CA cert:
openssl x509 -req -in signable.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out signable.crt -days 365
Export as PFX:
openssl pkcs12 -export -in signable.crt -inkey signable.key -out signable.pfx
For more on me: brianparks.me

Опубликовано:

30 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 35

@random-characters4162 Год назад

sorry if I missed it in the vid. Why are we creating only private keys? Where is a public key? From other explanations, I thought it should be a part of the certificate...

@jerrywong832 2 года назад

I am still not 100% clear. Would you be able to make a video of how to create a web site with https: rather than http please. I know it has something to do with the SSL certificate but I am unable to relate SSL and https. Thank you

@DevParkour 2 года назад

You bet!

@KenjiEmura 2 года назад

Best real world explanation so far, thanks a lot!!

@DevParkour 2 года назад

Thanks! I made this video because every time I need to work with certificates, I needed to relearn how to use the tools and go through the process! I’m glad it is as useful to others as it is to me!

@jarno2427 2 года назад

@@DevParkour could you remake this tutorial with a sha256 type self signed certificate (valid) for apps like exe files

@anonymoususer6786 11 месяцев назад

need seriously start with the short option first. No respect for peoples time.

@oscar4679ify Год назад

hola Sor Oscar Gomez, quiero preguntar si me puedes ayudar con un proyecto que tengo, para crear una pagina web que funciona como un control inventario, y hay que crear le multiples usuarios con diferentes niveles de acceso, y quisiera implementarle biometria por huella para los usuarios y que tenga un certificado RSA 15369 bit

@jesussabalaga7167 2 года назад

Hello, your video is excellent, I would like to know if you know how to review a .pfx if I was the one who generated it with, for example, the private key? Cheers!

@ajaiyapandey5058 Год назад

wow... great .. all doubts & blockers gone !

@AdrianGonzalezBlogs 3 месяца назад

Thanks

@ramprasad_v 2 года назад

It was very helpful. Thanks 🙂

@Losgatosdelacasa Год назад

Thank you, one question if I have the certificate installed on my website and I want to use hmailserver and add a new one to hmailserver?

@dazzassti Год назад

mate, your not signing the key with the key, you're signing the cert that you create with the key so that the key and the cert are intrinsically linked. The key is a unique value that encodes the cert. I think you made that very confusing.

@hamzaelkhaldi4413 Год назад

Someone encrypted my files how i can fix that. He told me to pay 6k$ which o don't hav it

@arunbakshi7138 2 года назад

Thanks a lot. It's really awesome. Kindly if you can explain how to generate root and intermediate certificates as well.

@nab3609 Год назад

Thanks a lot Brian !

@jarno2427 2 года назад

@Dev Parkour could you remake this tutorial with a sha256 type self signed certificate (valid)

@random-characters4162 Год назад

I'm on a mac and to run openssl req (self signed cert action on 9:19) I had to add -new flag. Otherwise the command just hangs

@nowzarifarhad 2 года назад

I do the same, and add the signed certificate to the website on IIS and its fine but when I access the website from the clients eventhough that I trust the root it still doesn't trust the cert. Only firefox works but chrome doesn't

@Daniel-mz9dn 10 месяцев назад

the last command line was what? it cut off

@narendranmanickavasagam1329 Год назад

Good one. Sometimes commands are hidden by video

@lebeluet 2 года назад

Thanks for the video. Did purchase a codesign certificate from "COMODO/SECTIGO" and I'm trying to do codesign windows apps using github workflow and github secret. So far I haven't had much success to codesign. Question do I need to embed "COMODO/SECTIGO" .crt and .key into secured .crt and secured.key prior to encode into base64 for the githubsecret or do the encode into base64 directly form "COMODO/SECTIGO"

@DevParkour 2 года назад

Good question. I have done codesigning on windows apps via a CI/CD pipeline once before a few years ago. I’ll see if I can dig up what I did and make a video on it soon. I used GitLab CI/CD, but the commands/concepts should transfer.

@lebeluet 2 года назад

@@DevParkour This morning I was able to codesign my app and perform my first GitHub release. I didn't need to embed the "COMODO/SECTIGO" .crt and .key files. I'm not sure where the problem came from as I made several changes before the workflow worked. I still must correct the release because now the package cannot be downloaded even if it is displayed in the release. Ref Github project : MPC-MassPropertiesCalculator