SSL Certificates have been around for more than a decade now but it was recently when Google made it indispensable that everyone started thinking about it. SSL Certificate is not a Google product but an encryption service that encrypts all data that is transmitted through your site. SSL Certificates are making the world a better place one website at a time.
Secure Socket layer is overcoming the security concerns and allow webmasters to do business online without being threatened or challenged. Un-authorized personnel, hackers and data thieves are going to have a hard time attacking and hacking data from sites secured with SSL certificates.
In this detailed article, we will go through each and every step of creating self-signed certificates intricately and understand the importance as well. Follow this guide and you can create self-signed certificate using OpenSSL within an hour or two.
There are varied aspects of an SSL Certificate; in this article we are going to look at the creation of Self-signed SSL with the help of Open SSL:
OpenSSL in the simplest language can be defined as an open source system for building SSL and TLS. Keeping up with the security in the modern world is extremely essential and necessary for business to move forward and acquire a huge audience base. What an OpenSSL does is add extra security to the common communication layer of a website hence making it way more secure.
It is used on local computers to generate self-signed SSL Certificates. Let’s go through varied steps involved in the creation of a self-signed certificate:
Step 1: Generate a Private Key: You will be required to open the OpenSSL tool for creating a private key. Along with the private key you will also have to create a certificate signing request. Varied developers also use this tool from around the world for creating certificates for test pages. Testing a page before employing it online is an important task that needs to be executed precisely.
Creating an RSA Private Key:
Now open the OpenSSL and put in the following code into the tool:
openssl>genrsa -des3 -out server.key 1024
or
openssl>genrsa -des3 -out server.key 2048
Now, when you press ENTER you will be asked to enter a pass phrase for the server.key. Enter a pass phrase of your choice and do not forget it. The entered pass phrase will be used later for decrypting the information encrypted.
Loading ‘screen’ into random state – done
Generating RSA private key, 1024 bit long modulus
…………………….++++++
…………..++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Note: It is important to make a note of the pass phrase because it will be required later for varied usages.
Step 2: Generate a Certificate Signing Request:
It is only after generating a private key we can move ahead to create a Certificate Signing Request. The certificate generated here will be sent to a Certificate Authority, who will be responsible for making it authentic. The authority will verify the certificate and make it legal for you to use the certificate. Authorities like Verisign are the ones who generally verify these self-signed certificates.
Now, it is time to self-sign the certificate signing request we generated:
The command to generate the CSR is as follows:
req –new –key private_key_file_name.key -sha256 –out csr_file_name.csr
Openssl>req -new -key server.key -sha256 -out server.csr
The server.csr generated can now be sent to Certificate Authority like Verisign for verification. You are also allowed to self-sign it and use it but do not forget to test the page a few times to see that it is working properly.
Step 3: Creating a Self-Signed Certificate
Let’s get to the creation of self-signed certificate, which saves you from getting it signed from a certificate authority. You can rely on these self-signed certificates for 365 days without any trouble. Do not forget to renew it every year on your own.
Your server.csr is generated.
Step 4: Converting CRT to PET Format
It is important to convert CRT to PET because it is the only format that can be read by a reader. Here’s step by step guide to do it:
Openssl> x509 -in server.crt -out server.pem -outform PEM
The format is now changed and is all set for you to use.
SSL is no more privilege but a necessity for businesses; any enterprise that wants to sell online or engage with customers over the Internet needs to acquire the certificates. While businesses are required, small scale organizations and bloggers can rely on self-signed certificates for acquiring the requisite security against the harmful threats by data hacker or thieves.
This self-signed certificate costs nothing but is of great use. With the entire security layer in them, the data is transmitted only after being encrypted which can only be decrypted by entities with the private key. The overall procedure of creating a self-signed SSL certificate using OpenSSL is quite easy but really very useful. One can rely on these options for building a better site with the requisite security in it.
Leave Comment