How to create a valid self signed SSL Certificate?

Hi Christian, I have been watching your videos for ages and with your help I have grown my little raspberry pi "home lab" out into 3 separate servers running more services than I have any business or need to run. I enjoyed this video and it was very informative. Thank you for all the help and wish me luck setting up my own CA.

Thank you very much. This was extremely useful. You took a very confusing and convoluted process and made it as easy to understand as possible. I was able to setup certs on several home servers that I've been trying to figure out for years. I really appreciate your time making this video. Very helpful.

I subscribed last week, mostly because I'm into Docker and you seem to cover it a lot. You've already proven to be quite useful with this tutorial, which I ran into completely by coincidence. Just wanted to say I really appreciate you, thanks!

Might be the most important video I've watched in 5 years, wow. Thanks SO much for this, very well done!

Hands down, absolutely outstanding work. Thank you so much for this video. I absolutely loved it. You earned a sub!

Thanks a million! I was following some other documented tutorials and none of them seem to explain what is important and what is not. I didn't have a DNS name so I had to rely on IP addresses. After spending 2 days of trying to setup SSL certificates, I finally found and followed your video and it just worked straight away!

You really know your stuff. So much information in 25 minutes!

I've been trying this for weeks, and you managed to make me understand and actually learn something about certificates. Indeed, you are an excelent teacher! Thanks a lot

This was exactly what I needed to understand the cert-creation process. Thank you, and I have now subscribed to your channel :D

Great video! You've corrected the topic in great detail. This will be my reference video on this topic. Keep producing video on these interesting topics. You've got a new subscriber

Nice overview about CA's and how Windows trust certificates from websites. And well detailed explanation about the steps to generate a valid certificate. It really comes in handy to me right know, because I was dealing with some troubles to generate a certificate to a local system in my job. Thank you very much! Keep it up! 👏👏👏

Thanks so much for this video. It really helped me a lot. For a long time I was having problems with other tutorials tying to configure this, and with your video I managed to get everything working really fast. Thanks again!

Thank you so much. I had been annoyed by this for a long time. I appreciated very much your way of explaining things with just the level of details needed (at least in my case). I could follow the steps one after the other and it worked fine. I wrote down the process to repeat this in the future. Thank you so much again, from France.

just started to dip my toes into self signing so this is wonderful timing that you to made a fresh video about it.
🤗

Thanks Bro. This explanitation gave me the needed steps to finally learn the SSL certificate concept and creation. All of my internally hosted consols are now secure. It was even possible for me to adjust my certificate chain for a cisco wlc which I wanted to start using. Without your instructions, I couldn't have made this jump. Vielen Dank!

After a very long time struggling with it I finally got it working thanks to you! Thank you!

Thanks for doing this. I watched it several times (and reviewed your very helpful 'Cheat-sheets' on git). I understand the process for setting up internal CA (with respective keys), as well as the signing request process. BUT, I'm still not sure how to go about creating certificates that have *wild-cards* for an IP range so that I can use more broadly in my home lab environment. I'll keep plugging away with some other how-to tutorials, and eventually I'll have the 'Eureka' moment and it'll all make sense. Nonetheless, your tutorial was very good and much appreciated. Cheers.

Excellent will use it today ! Thanks for documenting all process !

Very good explanations. The part I was looking for was how to import the ca certificate into the client devices.

Thank you for your time and knowledge, an invaluable help, especially because you turned something complex into a simple one, thank you, it has helped me a lot

It is absolutely nuts how many subs you have now. Congrats man! I have been studying to get some certs lately so I'll see how it goes!

love the videos pal - literally just finished watching several of your nginx proxy manager videos!

hey Christian!
You just got a new subscriber man!
Explained it beautifully!

Your video came just in time to save my day.
Didn't know i could be a CA as well create a SSL certificate.
Amazing

thank you, just a note , the file extfile.cnf has to be encoded in utf-8 , you can convert it via visual studio code , otherwise an error will show up
"x509: Error on line 1 of config file "extfile.cnf" 8C520000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto\conf\conf_def.c:513:HERE--> ■sline 1"

Hi Christian, thank you for that video, it is exactly what I was looking for, followed your steps and it works perfectly. You got one more subscriber.

best explanation ever, thank you so much. for the first time, i actually understand ssl certs

Thanks for making this video, great explanation of how it all works, reassuring to see all the reading of separate info I've been doing was in a simple video.

Wow ... amazing !!! ... your step by step is exactly what I need ... and it's working A1 ... thank's for your generosity :)

Thanks a ton! I have fond memories of adding SSL certificates to web 1.0 programs lol like deadAIM n such. Been really wanting to know more about its potential applications now adays. Appreciate the info. ~

I had so many issues before trying to get SSL working on my VMware ESXI Server. Now I just used all the steps in this video and replaced the .csr file with the "Generate FQDN signing request" text (copied and put in a text file) that you can generate in ESXI. It instantly worked.
Before this Video I "broke" my server so I couldn't access it from the webinterface anymore (had to plug in Monitor & Keyboard to find out that the SSL Certificate was invalid so the webserver didn't start).
Thanks for making it this easy to follow👍

Great video Christian! Thank you very much for sharing it with us!💖👍😎JP

I autommatically press like when i see your videos. Awesome guy!!!!🙂🙂🙂🙂

Very great video! This was exactly what I've been looking for days and days. Very helpful. Thx! Keep it up

Always great content!
Re-watch it?? Not only, study it!!
Absolutely interesting and useful.
Thank you and keep on with this excellent content

Very helpful, helped filled in some knowledge gaps in private CA's.

This was exactly what I was looking for.
Helped a Ton!
Thanks

Thank you so much, very informative and has finally enabled me to get rid of the annoying warning message when logging into my nas. Great job!

Thank you so much. You just earned a subscriber here. Great content.

Excellent video. Very informative. Good job.

Thank you, this is just what I was looking for! Very helpful, great video!

Really great, it's been a while since I was looking for this, i've implemented the same concept in Pfsense and made a web server to distribute the CA certificate to others devices

I was searching to really solve this trusting issue puzzle for years by relying on Windows CA role and has been impossible. Endless gratitude to you !!!

Thanks for the great explanation!

Thanks for this video, your documentation is amazing, it makes it very easy to follow your instructions and I now understand what's happening...

Thank you for splitting the video into segments, I already knew the basics and could just skip ahead to relevant parts.

Loved the video! And yes, please do a deep dive video as well 😇

That's exaclty what I did when decide to move all my home network to SSL couple of weeks ago, glad to see we are on the same wave :)

Finally a video that explains this process thoroughly, thank you

Excellent presentation and content! Bravo and thank you!!

I don't have enough words to thank you !!!!! You saved a life here..

You are awesome man! Very clean explanation

Thank you for demystifying the concept! It helped a lot!

Thanks for your helpful videos!

thank you so much! finally found a working solution at first attempt

Thanks for the helpful video as always! 👍👍

No worries, Christian I am very deep into encryption and you explained it just fine and it was not over simplified from a high level it was on point.

Thx for the fullchain tip. I had read about it in the Proxmox docs, but just the standalone cert worked for me :)

Your video is fantastic!! Compliment

Subscribed. I'm trying to keep my subscriptions list tidy, so take it as a massive compliment!

Thanks Alot Father Christimas 😁😁

Thank you VERY much for making this video

This excellent and great video … yes! finally what I needed 👍🏼

such a great work. thanks!

This is really helpful. Thank you.

Thank you, very helped for me

Thank you very much. You helped me a lot.

In addition to this, if you are running Linux a self signed cert also helps you with signing your bootloader and enable secure boot properly ;) ..fun video always enjoy your passion with them!

very useful video, thank you very much

Thank you very much! You saved my day!

I love you man, you saved me days

well done ... please bring more stuff on this...

Excellent and detailed guide to resolve an issue as complicated as SSL.
What would be different in the certificates if TLS 1.3 is used?

thank you so much bro I was going around in circles until I got to this video

Hi Christian, endlich mal eine verständliche und funktionierende Anleitung, wie man selber Zertifikate für sein Homelab erstellen und einsetzen kann. Sehr gut, danke dir! Ich möchte an dieser Stelle auch noch einmal erwähnen, dass ich neben deinen Videoinhalten auch in besonderem Maße die Qualität deiner Videos (Sound, Bild, Schnitt, Lautstärke, Farben, Abstimmung, Präsentation, Darstellung, Stimmung etc.) zu schätzen weiß. Nach meinem Empfinden bildest du damit einen Standard, an den derzeit kaum jemand heran kommt. Weiter so. Uppps, jetzt habe ich doch instinktiv in deutsch geschrieben 🙂

video was so good i had to smash like & subscribe

It works! Thanks! 😄

Great video this. Thank you

Ok but this is freaky. I was looking for a decent tutorial the whole of today and knew you mentioned it before but couldn't find it lol. At least I know where to look now

Danke für das Video, das hat unser Problem gelöst

Come in handy! Thank you!

Finally the answer to the most headache of running a home lab!

Thank You so much!

Thank you so much 🙏🙏

Thanks for taking the time to put together this video tutorial. I understand how to follow through the steps as you're doing them, but unfortunately I don't understand WHY I'm doing it at each step and what each step is doing for me, because there were too many words being spoken and it was confusing. One of the things I was not initially clear on, but now understand why is that I needed to add a linux distro in my lab environment to run openSSL. That's one more thing for me to have to manage! Also, where does it put the files it made? I can't find them. Forgive my rookie questions, first time I'm ever doing this. Very new to linux and to openSSL. Total NOOB here with certificates.

You have touched on a lot of topics in an excellent narrative and really detailed. I really thank you for this. But there is something I want to ask. Does everyone in the "standard user" class who connects to our web page have to add to the trusted certificates you made in the last step here? That is, after we prepare the certificate, can it securely exit to the internet?
Another issue is that we want to sign our software that we prepare in our company with code signing. Can rootCA be used for this? Can we sign our software using the certificate created with this method?
Thank you very much.

Just trying to mind my own business, watch this vid and learn some stuff when at 1:43...are those Bishop boulders/ Eastern Sierras I see??
Way to win the 'like' smash before the lesson even starts! 🙂 Even if they aren't, great shot/pebbles nonetheless...alright, now time to learn!

thanks a lot for the amazing video

Thank you very much! I tried to do this and failed a couple of weeks ago. Gonna give it another try.

Very good video, for my local environment I use cerbot with cloudflare api to authorize the certificate creation locally without any ports open and then either pass everything through a local proxy or by installing the cerbot client and setting up the subdomain for the service if it's an important one like freeipa/teleport/other important service that I don't want to use a local proxy.

thanks for the video. I didn't understand the last part, is the command executed on the machine from where I open the page or on the server?

Very clear explanation video! I have subscribed. Just doesn't find the install guide for Macbook in the cheatsheet.

Awesome work.

Great content!

Awesome video, are you using your private CA with Teleport? Does Teleport use it to sign the certificates it generates?

Where can I find your notes from this video? I could not find it on your github. Great tutorial. Thank you.

Thank you very much

Thank you very much you SIR!!! you are my go-to youtube channel for my IT carreer!
Quick question: what terminal software you used in this video? the UI looks so clean. Thank you

Thanks Very much

Thanks a lot. What type of terminal are you using?