Get ready to create "FREE SSL CERTIFICATE" for your website!
Make OpenSSL Certificate and self sign.
This tutorial is composed of the book SSL and TLS ! I have here a few
examples being used. In particular, the config file and signing.INDEX:
1. What is an SSL certificate
2. An easy start
3. Create CA Certificate
4. certificate Signing
Make OpenSSL Certificate and self sign.
This tutorial is composed of the book SSL and TLS ! I have here a few
examples being used. In particular, the config file and signing.INDEX:
1. What is an SSL certificate
2. An easy start
3. Create CA Certificate
4. certificate Signing
1. What is an SSL Certificate ?
SSL stands for Secure Socket Layer , is a protocol for a secure connection .
you do see is a page where " https:// " For state instead of " http:// "
You can see especially on pages where online payments transferred .
Or forms where personal information is requested.
The benefit is that the data is never released to anyone else.
You can see especially on pages where online payments transferred .
Or forms where personal information is requested.
The benefit is that the data is never released to anyone else.
2. An easy start
Download openSSL here and install it.
Make sure it is installed on the C :/ drive is.
So you would have to look like C :/ Openssl folder structure on your C drive
Now go to Control Panel - > System - > Advanced - > Environment Variables
Now you see the bottom of the dialog box, System Variables and add C : Openssl in to the system path the property is called the Variable PATH .
Now go to your C :/ drive and create a new workbook thats called ssl
Now you see C :/ drive like this C :/ ssl
Go to the CMD window and go to C :/ ssl
Now you're there , type the following commands
md certs
md requests
md keys
copy con database.txt
^ Z
copy con serial.txt
01
^ z
The old DOS veterans will recognize this way of working that Ctrl + Z ensures that you get an empty file called database.txt
Important: ! That ^ z is a CTRL + Z no shift +6 + z ! remember that !
" I ATTACHED THE FILE BELOW THIS POST! "
I've edited it myself so there might still be flaws in it but it works fine with me, and the config file you must save as openssl.conf in the ssl folder
It is extremely important that you download the file and save it as openssl.conf in the folder ssl !
Now you have a whole new workbook it is superfluous , but it makes a lot of things a lot easier !
I MEAN TO SAY A FOLDER WHERE YOU AUTOMATICALLY STORE THE CERTIFICATES IN AND THAT KIND OF THINGS AND WHERE YOU STORE THE CONFIG FILE !
So you would have to look like C :/ Openssl folder structure on your C drive
Now go to Control Panel - > System - > Advanced - > Environment Variables
Now you see the bottom of the dialog box, System Variables and add C : Openssl in to the system path the property is called the Variable PATH .
Now go to your C :/ drive and create a new workbook thats called ssl
Now you see C :/ drive like this C :/ ssl
Go to the CMD window and go to C :/ ssl
Now you're there , type the following commands
md certs
md requests
md keys
copy con database.txt
^ Z
copy con serial.txt
01
^ z
The old DOS veterans will recognize this way of working that Ctrl + Z ensures that you get an empty file called database.txt
Important: ! That ^ z is a CTRL + Z no shift +6 + z ! remember that !
" I ATTACHED THE FILE BELOW THIS POST! "
I've edited it myself so there might still be flaws in it but it works fine with me, and the config file you must save as openssl.conf in the ssl folder
It is extremely important that you download the file and save it as openssl.conf in the folder ssl !
Now you have a whole new workbook it is superfluous , but it makes a lot of things a lot easier !
I MEAN TO SAY A FOLDER WHERE YOU AUTOMATICALLY STORE THE CERTIFICATES IN AND THAT KIND OF THINGS AND WHERE YOU STORE THE CONFIG FILE !
3. A certificate request.
uitvoeren -> cmd.">Go to Start - > Run - > cmd .
Start by typing cd to your working directory and then cd ssl.
Now you get the cmd window to see this.
C :/ ssl >
Now we can make a request that we want to create an SSL certificate.
Now type openssl req -new- nodes -out requests / certreq.txt - keyout keys / privatekey.pem
Now do you see the following.
Loading ' screen' into random state - done
Generating a 1024 bit RSA private key
..................... + + + + + + + + + .............
+ + + + ..... + ................. + + + + + + +
writing new private key to ' privatekey.pem
------
You are about to be asked to enter information that will be incorporated
into your certificate request .
What you are about to enter is what is called a distinquished A Name or DN .
There are quite a few fields but you can leave some blank
For some fields there will be a default value ,
If you enter '. ' , The field will be left blank .
-------
Country Name ( 2 letter code ) [ ] : 'US'
State or Province Name (full name) [ ] : 'Florida'
Locality Name ( eg , city ) [ ] : 'Orlando'
Organization Name ( eg , company) [ ] : 'Your company name !'
Organizational Unit Name ( eg , section) [ ] : 'the industry'
Common name ( eg , your websites domain name) [ ] : 'yourwebsitedomain.com'
Email Address [ ] : email@email.nl
Please enter the following ' extra ' attributes to be sent with your certificate request
A challenge password [ ] : 'password'
Now you have a certificate request and a key made.
The certificate request is the file that is called certreq.txt is stored in the folder c :/ ssl / requests /
A file that is called privatekey.pem your private key that you need to match your host certificate.
"Keep this key properly and safely! YOUR EYES ONLY FILE!"
uitvoeren -> cmd.">Go to Start - > Run - > cmd .
Start by typing cd to your working directory and then cd ssl.
Now you get the cmd window to see this.
C :/ ssl >
Now we can make a request that we want to create an SSL certificate.
Now type openssl req -new- nodes -out requests / certreq.txt - keyout keys / privatekey.pem
Now do you see the following.
Loading ' screen' into random state - done
Generating a 1024 bit RSA private key
..................... + + + + + + + + + .............
+ + + + ..... + ................. + + + + + + +
writing new private key to ' privatekey.pem
------
You are about to be asked to enter information that will be incorporated
into your certificate request .
What you are about to enter is what is called a distinquished A Name or DN .
There are quite a few fields but you can leave some blank
For some fields there will be a default value ,
If you enter '. ' , The field will be left blank .
-------
Country Name ( 2 letter code ) [ ] : 'US'
State or Province Name (full name) [ ] : 'Florida'
Locality Name ( eg , city ) [ ] : 'Orlando'
Organization Name ( eg , company) [ ] : 'Your company name !'
Organizational Unit Name ( eg , section) [ ] : 'the industry'
Common name ( eg , your websites domain name) [ ] : 'yourwebsitedomain.com'
Email Address [ ] : email@email.nl
Please enter the following ' extra ' attributes to be sent with your certificate request
A challenge password [ ] : 'password'
Now you have a certificate request and a key made.
The certificate request is the file that is called certreq.txt is stored in the folder c :/ ssl / requests /
A file that is called privatekey.pem your private key that you need to match your host certificate.
"Keep this key properly and safely! YOUR EYES ONLY FILE!"
3. Create CA Certificate
CA stands for Certificate Authorities and agencies that sign certificates that are the best known Verisign. But we're so our own self- signed CA certificate making .First, we generate our CA key needed to sign the certificate.
Now type : openssl genrsa - des3 -out keys / ca.key 1024
and now you get to see the following :
Loading ' screen' into random state - done
Generating RSA private key , 1024 bit long modulus
................... + + + + + + + ..... + + + + + + + +
+ + + ..... + ... + ............. + + + + +
e is 65537 ( 0x10001 )
Enter pass phrase for keys / ca.key : password
Verifying - Enter pass phrase for keys / ca.key : password_again
">C : ssl >
Now is your CA key in the folder C : sslkeys this key is also important.
Keep them safe same as you privatekey.pem!
Now we can start making a CA certificate by the degree of this command :
openssl req - config openssl.conf -new- x509 -days 1001 -key keys / ca.key -out certs / ca.cer
Now you will see the following again :
Enter pass phrase for keys / ca.key : password
You are about to be asked to enter information that will be incorporated
into your certificate request .
What you are about to enter is what is called a Distinguished Name or a DN .
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ' ' , The field will be left blank .
------
Country Name ( 2 letter code ) [ ] : 'US'
State or province name ( full name) [ ] : 'Florida'
Locality Name ( eg , city ) [ ] : 'Orlando'
Organization Name ( eg , company) [ ] : 'Company Name'
Organizational Unit Name ( eg , section) [ ] : 'industry'
Comman Name ( eg , your websites domain name) [ ] : 'yourwebsitedomain.com'
Email Address [ ] : 'email@email.nl'
">C : ssl >
Now we have a CA certificate that we will sign the certificate request it .
So it becomes a trusted certificate .
4. Certificate.
You can sign the certificate signed by the following command:
openssl
ca -policy policy_anything openssl.conf - config - cert certs / ca.cer -
in requests / certreq.txt - keyfile keys / ca.key -days 360 -out certs /
iis.cer
Now do you see the following :
Using configuration from openssl.conf
Loading ' screen' into random state - done
Enter pass phrase for keys / ca.key : 'Password'
Check That the request matches the signature Signature OK !
The subject 's Distinguished Name is as follows
Country Name :: PRINTABLE : 'US'
Stateorprovincename : PRINTABLE : 'Florida'
LocalityName :: PRINTABLE : 'Orlando'
OrganizationName : PRINTABLE : ' company name '
Organizational Unit Name : PRINTABLE : ' Industry '
Common Name : PRINTABLE : ' yourwebsitedomain.com.com '
email address: PRINTABLE : ' email@email.nl '
Certificate is to be certified until Apr 12 11:47:19 2008 GMT (360 days )
Sign the certificate [ y / n ] : y
1 out of 1 certificate requests certified , commit ? [ y / n ] : y
Data Base Updated
">C : ssl >
Now we have signed the certificate.
Now we make it compatible with windows to avoid certain warnings.
With the following command :
openssl x509 - in certs / iis.cer out certs/iisx509.cer
If you are going to host you need the privatekey.pem thats in your keys folder.
And your CA certificate is your iis.cer and the certificate itself is iisx509.cer
Host those 3 files in the root folder of your webserver(domain) you created it for.
And you have created an https connection ready SSL Certificate domain!
ca -policy policy_anything openssl.conf - config - cert certs / ca.cer -
in requests / certreq.txt - keyfile keys / ca.key -days 360 -out certs /
iis.cer
Now do you see the following :
Using configuration from openssl.conf
Loading ' screen' into random state - done
Enter pass phrase for keys / ca.key : 'Password'
Check That the request matches the signature Signature OK !
The subject 's Distinguished Name is as follows
Country Name :: PRINTABLE : 'US'
Stateorprovincename : PRINTABLE : 'Florida'
LocalityName :: PRINTABLE : 'Orlando'
OrganizationName : PRINTABLE : ' company name '
Organizational Unit Name : PRINTABLE : ' Industry '
Common Name : PRINTABLE : ' yourwebsitedomain.com.com '
email address: PRINTABLE : ' email@email.nl '
Certificate is to be certified until Apr 12 11:47:19 2008 GMT (360 days )
Sign the certificate [ y / n ] : y
1 out of 1 certificate requests certified , commit ? [ y / n ] : y
Data Base Updated
">C : ssl >
Now we have signed the certificate.
Now we make it compatible with windows to avoid certain warnings.
With the following command :
openssl x509 - in certs / iis.cer out certs/iisx509.cer
If you are going to host you need the privatekey.pem thats in your keys folder.
And your CA certificate is your iis.cer and the certificate itself is iisx509.cer
Host those 3 files in the root folder of your webserver(domain) you created it for.
And you have created an https connection ready SSL Certificate domain!
DOWNLOAD Open SSL Conf:
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon