Collections:
Other Resources:
OpenSSL "ca -selfsign" - Self Sign CSR
How to sign my own CSR to create a self-signed certificate using the OpenSSL "ca" command?
✍: FYIcenter.com
You can use the OpenSSL "req -new -x509" command to generate a self-signed certificate from your private key.
But you can also use the "ca -selfsign" command to generate a self-signed certificate from your CSR as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> x509 -x509toreq -in my_ca.crt -signkey my_ca.key -out my_ca.csr Getting request Private Key Enter pass phrase for my_ca.key:fyicenter Generating certificate request OpenSSL> ca -selfsign -in my_ca.csr -keyfile my_ca.key -out my_ca_2.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4100 (0x1004) Validity Not Before: Sep 3 00:33:07 2016 GMT Not After : Sep 3 00:33:07 2017 GMT Subject: countryName = US stateOrProvinceName = TX organizationName = FYIcenter.com organizationalUnitName = Security commonName = FYIcenter Root CA emailAddress = root-ca@fyicenter.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF X509v3 Authority Key Identifier: keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF Certificate is to be certified until Sep 3 00:33:07 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... V 170903003307Z 1004 unknown /C=US/ST=TX/O=FYIcenter.com /OU=Security/CN=FYIcenter Root CA/emailAddress=root-ca@fyicenter.com
Notes about the above test:
⇒ OpenSSL "ca -config" - Using Configuration File
2016-09-09, 3343🔥, 0💬
Popular Posts:
How to open a keystore file with Portecle? Note: Portecle supports the following keystore types: JKS...
Certificate Summary: Subject: GlobalSign ECC OV SSL CA 2018 Issuer: GlobalSign Expiration: 2028-11-2...
Certificate Summary: Subject: *.mail.yahoo.com Issuer: DigiCert High Assurance CA-3 Expiration: 2014...
How to start the "Certificate Manager" from Google Chrome? I heard that it can be used to manage tru...
How to import a root CA certificate into IE? I have the certificate in a file. If you want to import...