471
edits
Changes
Creating self-signed CA certificates and keys using OpenSSL (view source)
Revision as of 15:32, 8 October 2023
, 15:32, 8 October 2023→Instructions
3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button.[[File:OPENSSL.png|thumb|364x364px|alt=|none]]
3. Start the OpenSSL Software. Search the '''OpenSSL''' from the Windows starts button.
[[File:OPEN SSL COMMAND PROMPT.png|left|thumb]]
<br />
<br />
4. OpenSSL Command Prompt will open it includes the software built, directory, and other information.[[File:OPENSSLDirectory.png|thumb|490x490px|alt=|none]]
4. OpenSSL Command Prompt will open it includes the software built, directory, and other information.
[[File:OPENSSLDirectory.png|left|thumb|465x465px]]
<br />
<br />
5. Generating CA key pair. [[File:GenerationCAkeypair.png|thumb|490x490px|alt=|none]]
5. Generating CA key pair.
[[File:GenerationCAkeypair.png|left|thumb|455x455px]]
'''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048'''
'''Command: <span style="background:#3BC6F7">openssl genrsa -des3 -out ca.key 2048'''
'''Note:''' You can create a password for the CA Key Pair
'''Note:''' You can create a password for the CA Key Pair
6. Generating certificate for the CA using the CA key pair we created.
6. Generating certificate for the CA using the CA key pair we created.
[[File:Command6.png|alt=|thumb|490x490px|none]]
[[File:Command6.png|thumb|490x490px|none|link=Special:FilePath/Command6.png]]
'''Command: <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt'''
'''Command: <span style="background:#3BC6F7">openssl req -new -x509 -days 1826 -key ca.key -out ca.crt'''
'''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key.
'''Note:''' CA Certificate is valid for 1826 days or 5 years you can change this according to your requirement. It will ask you to enter the passphrase you created for the CA key.
7. Generating a server key pair that will be used by the broker (server)
7. Generating a server key pair that will be used by the broker (server)
[[File:Command7.png|alt=|thumb|490x490px|none]]
[[File:Command7.png|thumb|490x490px|none|link=Special:FilePath/Command7.png]]
'''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048'''
'''Command: <span style="background:#3BC6F7">openssl genrsa -out server.key 2048'''
<br />
<br />
8. Generating a certificate request.
8. Generating a certificate request.
[[File:Command8.png|alt=|thumb|490x490px|none]]
[[File:Command8.png|thumb|490x490px|none|link=Special:FilePath/Command8.png]]
'''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key'''
'''Command: <span style="background:#3BC6F7">openssl req -new -out server.csr -key server.key'''
'''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA.
'''Note:''' When you fill out the certificate request the common name is the most critical usually it is the domain name of your broker (server). You can use a full domain name or the IP address of your server. We will not send this information to CA because it is a self-signed certificate, we are the CA.
9. Generating server.crt file.
9. Generating server.crt file.
[[File:Command9.png|alt=|thumb|490x490px|none]]
[[File:Command9.png|thumb|490x490px|none|link=Special:FilePath/Command9.png]]
'''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360'''
'''Command: <span style="background:#3BC6F7">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt. -days 360'''
'''Note''': We will use the CA key to verify and sign the certificate.
'''Note''': We will use the CA key to verify and sign the certificate.
10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key.
10. If all the steps are completed correctly you can check these 3 files from the directory ca.crt, server.crt, and server.key.
[[File:Command10.png|alt=|thumb|490x490px|none]]
[[File:Command10.png|thumb|490x490px|none|link=Special:FilePath/Command10.png]]
'''Command: <span style="background:#3BC6F7">dir'''
'''Command: <span style="background:#3BC6F7">dir'''
'''Note:''' To check the files go to this directory C:\Users\<username>.
'''Note:''' To check the files go to this directory C:\Users\<username>.
<br />
<br />
