Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (69)
EC Keys (572)
Firefox (31)
General (12)
Google Chrome (25)
Intermediate CA (152)
Java VM (33)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (22)
OpenSSL (237)
Other (7)
Portecle (38)
Publishers (2697)
Revoked Certificates (30)
Root CA (89)
RSA Keys (2225)
Tools (46)
Tutorial (3)
What Is (22)
Windows (129)
Collections:
Other Resources:
OpenSSL "ca -selfsign" - Self Sign CSR
How to sign my own CSR to create a self-signed certificate using the OpenSSL "ca" command?
✍: FYIcenter.com
You can use the OpenSSL "req -new -x509" command to generate a self-signed certificate
from your private key.
But you can also use the "ca -selfsign" command to generate a self-signed certificate from your CSR as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> x509 -x509toreq -in my_ca.crt -signkey my_ca.key -out my_ca.csr Getting request Private Key Enter pass phrase for my_ca.key:fyicenter Generating certificate request OpenSSL> ca -selfsign -in my_ca.csr -keyfile my_ca.key -out my_ca_2.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4100 (0x1004) Validity Not Before: Sep 3 00:33:07 2016 GMT Not After : Sep 3 00:33:07 2017 GMT Subject: countryName = US stateOrProvinceName = TX organizationName = FYIcenter.com organizationalUnitName = Security commonName = FYIcenter Root CA emailAddress = root-ca@fyicenter.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF X509v3 Authority Key Identifier: keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF Certificate is to be certified until Sep 3 00:33:07 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... V 170903003307Z 1004 unknown /C=US/ST=TX/O=FYIcenter.com /OU=Security/CN=FYIcenter Root CA/emailAddress=root-ca@fyicenter.com
Notes about the above test:
⇒ OpenSSL "ca -config" - Using Configuration File
2016-09-09, 2053👍, 0💬
Popular Posts:
How to view the ASN.1 structure of an DSA private key using the OpenSSL "asn1parse" command? You can...
Why am I getting the "Could not initialize the application's security component" error when staring ...
Certificate Summary: Subject: thawte Primary Root CA - G3 Issuer: thawte Primary Root CA - G3 Expira...
Where to find tutorials on using OpenSSL to manage certificate? Here is a collection of tutorials on...
Where are private keys are stored on my Windows system? I want to know where are my private keys cre...