OpenSSL Step By Step Tutorial | How to Generate Keys, Certificates & CSR Using OpenSSL 

I needed someone to explain it like this for so long. Thank you man.

Excellent demonstration sir. Thank you for making this clear to me.

wow everything worked so flawlessly, you're a hero

Very well demonstrated key-pair generation, extracting public key, CSR and self-signed certificate. Great work!

Lot's of CSR videos but this one was perfect! Thank you!

Short video, simple to understand. WOW!!! Thank you

Good job done. Very clearly explained and everything was right to the point and it held my attention. Everyone should do their training videos like this.

Clear explanation to the point. Thanks buddy. Keep uploading more videos like this.

Thanks a lot bro..I was looking for a simple but explanatory tutorial on how certificates work..this video helped me to understand a lot

Great video ... I was confused before watching this, now I understand much better. Thanks.

Thanks a lot!!! Exactly what I was looking for

Thank you very much, very clear and to the point!

Awesome. This is what I needed this morning.

Just created my first key, ever. Now going to implement this....

this is just perfect, simple, effective !

It cleared all my doubts..nicely explained..thanks for the amazing video..!

Thanks a lot for the precise, and informative video.

Worked for me, best video on openssl

Awesome explanation. Thank you!

superb knowledge ... my friend .. keep sharing it..

Thank you bro!! you are save my life!!

Excellent video Sir. Thank you; it is greatly appreciated.

wow thank you explained so clearly

Great Tutorial, Thanks

excellent video. thank you.

great tutorial, thank you!

Nice explanation ! Thank you !

Good job! Thank you!

Great job!

good video, very nicely explained. thanks

thank you very much, it was very useful

Thanks a lot .Love from India

very helpful. thank you

Thankyou. Video was very clear

Good explanation in detail. I have one query in terms of renewal. To renew the existing CA signed certificate, is it correct to give old CSR (CSR generated to get CA signed initially). Is there any validity for key pair and CSR generated?

Thanks! You helped a lot

Very useful - clear and consise. Thanks for sharing.

Good job mate :) PK/ISB at last someone from PK

Good explanation , keep it up

Great video.. all commands worked for me...thanks...one query how to add critical extensions using your commands?

Thanks for the clear explanation

Very nice job. Please add info on how to create "non-self-signed certificates". Meaning certificate verifying some other public key. Thanks

Thanks, Its really helpful.

really great way of teaching thanks.

Awesome explanation bro !!!

Thank you!

Great presentation - thanks

Very informative 😊👏

Good job clearly explained

thanks bro, you are the best

It's very helpful~!

wow.. It helped me a lot

Thank you So Much Sir

Good job friend!!

Well done for this nice video

awsome!!!!!!

Thank you very much. Was thinking I will never get it with this csr.

Awesome 😍

Very nice video. Thank you very much. How to create certificate with encryption and does the server also should have a certificate with encrypted key? And also can we use Portecle to generate certificates with encrypted key for linux?

thanks for your help bro

Hi sir, I want to configure certificate based authentication, it requirement 1.CA, 2.User Certificate, 3.server certificate. What should I do, whether is same with you do?

Thank you sir

Job saving info for me.

Nice video in detail. I have one question in terms of renewal. To renew the existing CA signed certificate, is it correct to give old CSR (CSR generated to get CA signed initially). Is there any validity for key pair and CSR generated?

I Like it.

thank you bhai

Thank you

Great video, but you now have weird files on your computer. What do you do with these weird files. Do I ftp to my server, control panel, do I need to go to ican or other ssl org to upload them?

Thanks.

Thanks ..

Thanks for the great tutorials. How I securely push these key (private & cer) in jks file ?

Can you also make a video on certificate chaining / Intermediate CAS

If I want to create SSL certificates on cluster having 4-5 nodes, can we have same crt copied to all hosts?

In this case can we generate public keys and match with public keys being used by differenrt companies?

Great Video, Very clearly explained about CA, CSR. I have a question: When we are opening the //https connection using self signed CA certificate getting some warnings on //https web page. May I know the reason? Kindly, respond. Thanks

Thanks - I had all this confused. You helped a lot. Now how do I get this into Windows 10?

super

how to creat command "CLS" clear screen in this toolkit , or same equivalent???????????????????????

all those who are having error like me The only thing that worked for me in this situation was the self-created openssl.cnf file. Here are the basics needed for this exercise (edit as needed): # # OpenSSL configuration file. # # Establish working directory. @/c:\Users\User\Desktop\test dir = . [ ca ] default_ca = CA_default [ CA_default ] serial = $dir/serial database = $dir/certindex.txt new_certs_dir = $dir/certs certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem default_days = 365 default_md = md5 preserve = no email_in_dn = no nameopt = default_ca certopt = default_ca policy = policy_match [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 # Size of keys default_keyfile = key.pem # name of generated keys default_md = md5 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] # Variable name Prompt string #------------------------- ---------------------------------- 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) emailAddress = Email Address emailAddress_max = 40 localityName = Locality Name (city, district) stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 commonName = Common Name (hostname, IP, or your name) commonName_max = 64 # Default values for the above, for consistency and less typing. # Variable name Value #------------------------ ------------------------------ 0.organizationName_default = My Company localityName_default = My Town stateOrProvinceName_default = State or Providence countryName_default = US [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash # copy till here now save this file and run the command as openssl req -new -key tutorialspedia.key -out tutorialspedia.csr -config openssl.cnf hope this will work for you :)

Can you tell me how we can extract the private key from the key pair, as well as the public key?

How should I verify that same csr for the crt that was created

I am getting Can't open -testauto.key for reading, No such file or directory error any idea ?? followed the same steps

info given in this video was insufficient to running localhost with https using openssl certificate. It ended with net::cert_common_name_invalid error in chrome on windows and also with hhtps strickedout in url with no green lock in browser address bar. I appreciate further help to fix the error...

how can we stop the stdin for step 3 like country name etc, and provide through argparser ?

Hello when i use command for create csr file. This file is not shown when type dir command it is not created. Why this issue happened ?

What is the command to connect for godaddy signed ssl

Hello, I created a ssl certificate but i dont want to put a specific CN name, rather just a * wildcard because in the server side hostname will keep changing periodically so i dont want to generate certificate everytime. Whatever the hostname it be the client can connect . Is there a way around ??

Sir how to create https complete chain certificate ?

Command to create self signed certificate with csr and private key is not working shows x509: Use -help for summary. any idea?

5:40 WHY DO I have to provide my *Private key* to the *CA Authority* for CSR , This seems to be wrong to me. Please explain.

Hisir. How do one vedio on how to create csr repo

executing openssl command to generate key pair using "openssl genrsa -out keyfile.key 2048" but facing an error "genrsa: Can't open "keyfile.key" for writing, Permission denied". Could you guide me hot to fix this

The video is good but you have a major mistake. I think the video is using the entire key pair file instead of the public key to generate the CSR which in turn will go to the CA. This is a very important piece of information that will kill you in any test or interview. The steps are correct but the files being used are wrong. The CSR should be created only with the public key file, the CA will generate a certificate. After verification, the CA sends you a signed digital certificate that contains your distinguished name, your public key, the CA's distinguished name, and the signature of the certificate authority. You store this signed certificate in your key database.

CAn you create an video about self signing code signing certificate

why not use pgpg tools?

how do i install it?

how can i remove or rekove the same certificate ??

6:00 Why did you pass the initial key file? .. shouldnt we pass the public key file?

Can I deploy certificate on godaddy domain?

How to solve the invalid digest for sha1 error while creating csr