Collections:
Other Resources:
OpenSSL "ca -selfsign" - Self Sign CSR
How to sign my own CSR to create a self-signed certificate using the OpenSSL "ca" command?
✍: FYIcenter.com
You can use the OpenSSL "req -new -x509" command to generate a self-signed certificate from your private key.
But you can also use the "ca -selfsign" command to generate a self-signed certificate from your CSR as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> x509 -x509toreq -in my_ca.crt -signkey my_ca.key -out my_ca.csr Getting request Private Key Enter pass phrase for my_ca.key:fyicenter Generating certificate request OpenSSL> ca -selfsign -in my_ca.csr -keyfile my_ca.key -out my_ca_2.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4100 (0x1004) Validity Not Before: Sep 3 00:33:07 2016 GMT Not After : Sep 3 00:33:07 2017 GMT Subject: countryName = US stateOrProvinceName = TX organizationName = FYIcenter.com organizationalUnitName = Security commonName = FYIcenter Root CA emailAddress = root-ca@fyicenter.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF X509v3 Authority Key Identifier: keyid:7E:2F:80:3A:74:C8:4C:04:15:66:C6:B0:D3:47:D5:DE:D4:71:4A:FF Certificate is to be certified until Sep 3 00:33:07 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... V 170903003307Z 1004 unknown /C=US/ST=TX/O=FYIcenter.com /OU=Security/CN=FYIcenter Root CA/emailAddress=root-ca@fyicenter.com
Notes about the above test:
⇒ OpenSSL "ca -config" - Using Configuration File
2016-09-09, 3050🔥, 0💬
Popular Posts:
Where can I find an example of DSA (Digital Signature Algorithm) private and public key pair example...
Certificate Summary: Subject: *.googleusercontent.com Issuer: Google Internet Authority Expiration: ...
How to start IE as an administrator? Do I need the administrator permission to delete a root CA cert...
Detailed information of 'modular N': RSA 3072-Bit Private Key - 02c4eda3cbc5a56fba20af13 b49cc75e.
What is OCSP (Online Certificate Status Protocol)? OCSP (Online Certificate Status Protocol) is an I...