Collections:
Other Resources:
OpenSSL "ca -selfsign" - Self Sign CSR
How to sign my own CSR to create a self-signed certificate using the OpenSSL "ca" command?
✍: FYIcenter.com
You can use the OpenSSL "req -new -x509" command to generate a self-signed certificate from your private key.
But you can also use the "ca -selfsign" command to generate a self-signed certificate from your CSR as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> x509 -x509toreq -in my_ca.crt -signkey my_ca.key -out my_ca.csr Getting request Private Key Enter pass phrase for my_ca.key:fyicenter Generating certificate request OpenSSL> ca -selfsign -in my_ca.csr -keyfile my_ca.key -out my_ca_2.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4100 (0x1004) Validity Not Before: Sep 3 00:33:07 2016 GMT Not After : Sep 3 00:33:07 2017 GMT Subject: countryName = US stateOrProvinceName = TX organizationName = FYIcenter.com organizationalUnitName = Security commonName = FYIcenter Root CA emailAddress = root-ca@fyicenter.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF X509v3 Authority Key Identifier: keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF Certificate is to be certified until Sep 3 00:33:07 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... V 170903003307Z 1004 unknown /C=US/ST=TX/O=FYIcenter.com /OU=Security/CN=FYIcenter Root CA/emailAddress=root-ca@fyicenter.com
Notes about the above test:
⇒ OpenSSL "ca -config" - Using Configuration File
2016-09-09, 3252🔥, 0💬
Popular Posts:
Is Mozilla Firefox sharing certificate storage with operating system? No, Mozilla Firefox does not s...
What are the ways to use certificate for authentication? Can certificates be used to secure Web site...
Certificate summary - Owner: Yellow Book, US, ST=Pennsylvania, L=KING OF PRUSSIA, *.yellowbook.com I...
How to use the "keytool -printcertreq" command? I received a CSR (Certificate Signing Request) file ...
Certificate summary - Owner: hibu.com, hibu Limited, hibu (UK) Limited, L=Reading, ST=Berkshire, GB,...