Create and sign certs with OpenSSL
- Published: Oct 7, 2020
- In this video, I talk about how to create and sign certs with OpenSSL (and convert them to PFX for Windows). This came out of my complete inability to ever remember how to do any of this, so I created a cheat sheet and then recorded this video off of it.
Cheat sheet below:
Self-signed
Generate a new private key:
openssl genrsa -out blah.key 4096
Create a self-signed cert from the private key:
openssl req -x509 -new -key blah.key -out blah.pub -days 365
Verify the certificate:
openssl x509 -noout -text -in blah.pub
Do all of the above in a single command:
openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 365 -nodes
Convert to pfx:
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.pfx
Using a key to sign another:
Generate a new private key (same command as in the self-signed section above).
Create a CSR from the private key:
openssl req -new -key blah.key -out signable.csr
Do both in the same step:
openssl req -newkey rsa:4096 -out signable.csr -keyout signable.key -nodes
Sign the CSR with the CA cert:
openssl x509 -req -in signable.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out signable.crt -days 365
Export as PFX:
openssl pkcs12 -export -in signable.crt -inkey signable.key -out signable.pfx
For more on me: brianparks.me
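
The CA-signing steps above as one non-interactive script, extended beyond the cheat sheet with a subjectAltName supplied via `-extfile` (`openssl x509 -req` does not copy extensions from the CSR by default) and with checks that the chain verifies, the key matches the certificate and the PFX reads back. This is an added example, not from the video or its author; `example.test`, `Example Test CA`, `leaf.ext`, the password and the function names are constructed.

```shell
#!/bin/sh
# Added example; every name, file and password here is constructed for the demo.

make_chain() {  # $1 = empty working directory
    # CA key + self-signed CA cert in one step; -subj avoids the interactive prompts.
    # rsa:2048 keeps the demo fast; the cheat sheet uses rsa:4096.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=Example Test CA" -keyout "$1/ca.key" -out "$1/ca.crt" || return 1
    # Leaf key + CSR in one step.
    openssl req -newkey rsa:2048 -sha256 -nodes -subj "/CN=example.test" \
        -keyout "$1/signable.key" -out "$1/signable.csr" || return 1
    # Extensions are given at signing time: x509 -req ignores CSR extensions by default.
    printf 'subjectAltName=DNS:example.test\nbasicConstraints=CA:FALSE\n' > "$1/leaf.ext"
    openssl x509 -req -sha256 -days 365 -in "$1/signable.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/leaf.ext" -out "$1/signable.crt"
}

# Does the leaf chain to the CA?
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/signable.crt" >/dev/null 2>&1; }

# Do the certificate and the private key hold the same public key?
key_matches() {
    a=$(openssl x509 -in "$1/signable.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/signable.key" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Is the hostname present as a subjectAltName?
has_san() { openssl x509 -in "$1/signable.crt" -noout -text | grep -q 'DNS:example.test'; }

# Export a PFX without prompts, then print how many certificates it contains.
pfx_cert_count() {
    openssl pkcs12 -export -in "$1/signable.crt" -inkey "$1/signable.key" \
        -certfile "$1/ca.crt" -passout pass:constructed-pw -out "$1/signable.pfx" || return 1
    openssl pkcs12 -in "$1/signable.pfx" -passin pass:constructed-pw -nokeys |
        grep -c 'BEGIN CERTIFICATE'
}

d=$(mktemp -d)
make_chain "$d" && chain_ok "$d" && key_matches "$d" && has_san "$d" &&
    echo "chain, key match and SAN OK; PFX holds $(pfx_cert_count "$d") certificates"
rm -rf "$d"
```

The public key is derived from the private key and embedded in the certificate, which is why `key_matches` can compare the two without a separate public key file.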
Thank you so much! You saved me from generating headache
Best real world explanation so far, thanks a lot!!
Thanks! I made this video because every time I need to work with certificates, I needed to relearn how to use the tools and go through the process! I’m glad it is as useful to others as it is to me!
@DevParkour could you remake this tutorial with a sha256 type self signed certificate (valid) for apps like exe files
It was very helpful. Thanks 🙂
Thanks a lot Brian !
Very informative.
Great tutorial. Beast.
Excellent video
Thanks a lot. It's really awesome. Kindly if you can explain how to generate root and intermediate certificates as well.
wow... great .. all doubts & blockers gone !
Thanks
Hello, your video is excellent, I would like to know if you know how to review a .pfx if I was the one who generated it with, for example, the private key? Cheers!
very informative
👍🏻👍🏻👍🏻 nice
Thank you, one question if I have the certificate installed on my website and I want to use hmailserver and add a new one to hmailserver?
I do the same, and add the signed certificate to the website on IIS and it's fine, but when I access the website from the clients, even though I trust the root, it still doesn't trust the cert. Only Firefox works but Chrome doesn't
sorry if I missed it in the vid. Why are we creating only private keys? Where is a public key? From other explanations, I thought it should be a part of the certificate...
Thanks for the video. Did purchase a codesign certificate from "COMODO/SECTIGO" and I'm trying to do codesign windows apps using github workflow and github secret. So far I haven't had much success to codesign.
Question: do I need to embed "COMODO/SECTIGO" .crt and .key into secured .crt and secured.key prior to encoding into base64 for the GitHub secret, or do the encoding into base64 directly from "COMODO/SECTIGO"?
Good question. I have done codesigning on windows apps via a CI/CD pipeline once before a few years ago. I’ll see if I can dig up what I did and make a video on it soon. I used GitLab CI/CD, but the commands/concepts should transfer.
@DevParkour This morning I was able to codesign my app and perform my first GitHub release. I didn't need to embed the "COMODO/SECTIGO" .crt and .key files.
I'm not sure where the problem came from as I made several changes before the workflow worked.
I still must correct the release because now the package cannot be downloaded even if it is displayed in the release.
Ref Github project : MPC-MassPropertiesCalculator
I am still not 100% clear. Would you be able to make a video of how to create a web site with https: rather than http please. I know it has something to do with the SSL certificate but I am unable to relate SSL and https. Thank you
You bet!
Good one. Sometimes commands are hidden by video
I'm on a mac and to run openssl req (self signed cert action on 9:19) I had to add -new flag. Otherwise the command just hangs
@Dev Parkour could you remake this tutorial with a sha256 type self signed certificate (valid)
Your video insert covered the command lines... ?
he included in the description
How to convert pem file into crt and key
Hello, I'm Oscar Gomez. I'd like to ask whether you can help me with a project I have: creating a web page that works as an inventory control system. It needs multiple users with different access levels, and I'd like to implement fingerprint biometrics for the users and have it use a 15369-bit RSA certificate
the last command line was what? it cut off
Someone encrypted my files. How can I fix that? He told me to pay 6k$, which I don't have
mate, you're not signing the key with the key, you're signing the cert that you create with the key so that the key and the cert are intrinsically linked. The key is a unique value that encodes the cert. I think you made that very confusing.
very good video, it was very useful for me...🏌♀
Need to seriously start with the short option first. No respect for people's time.