Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2389)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6528)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5269)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca -selfsign" - Self Sign CSR
How to sign my own CSR to create a self-signed certificate using the OpenSSL "ca" command?
✍: FYIcenter.com
You can use the OpenSSL "req -new -x509" command to generate a self-signed certificate from your private key.
But you can also use the "ca -selfsign" command to generate a self-signed certificate from your CSR as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> x509 -x509toreq -in my_ca.crt -signkey my_ca.key -out my_ca.csr Getting request Private Key Enter pass phrase for my_ca.key:fyicenter Generating certificate request OpenSSL> ca -selfsign -in my_ca.csr -keyfile my_ca.key -out my_ca_2.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4100 (0x1004) Validity Not Before: Sep 3 00:33:07 2016 GMT Not After : Sep 3 00:33:07 2017 GMT Subject: countryName = US stateOrProvinceName = TX organizationName = FYIcenter.com organizationalUnitName = Security commonName = FYIcenter Root CA emailAddress = root-ca@fyicenter.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF X509v3 Authority Key Identifier: keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF Certificate is to be certified until Sep 3 00:33:07 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... V 170903003307Z 1004 unknown /C=US/ST=TX/O=FYIcenter.com /OU=Security/CN=FYIcenter Root CA/emailAddress=root-ca@fyicenter.com
Notes about the above test:
⇒ OpenSSL "ca -config" - Using Configuration File
2016-09-09, 2967👍, 0💬
Popular Posts:
What is "Java Control Panel" on Mac computers? I heard that it's a nice tool. The Java Control Panel...
Certificate Summary: Subject Common Name (CN): DigiCert SHA2 Extended Validation Server CA Issuer Co...
How to read general information of a server certificate in IE? What is the meaning of "Issued by"? T...
How to view certificate details using Java Control Panel? To view detailed information of certificat...
How to generate a DER file with a configuration file using the OpenSSL "ans1parse" command? You can ...