Create & sign SSL/TLS certificates with openssl
- Published 15 Dec 2024
- In this video, we will learn how to generate an SSL/TLS certificate signing request (CSR) and have it signed by a Certificate Authority (CA). For the purpose of this tutorial, we won’t submit the CSR to a real CA. Instead, we will play both roles: the certificate authority and the certificate applicant.
Join us on Discord: bit.ly/techsch...
Buy us a coffee: www.buymeacoff...
We will use openssl to do the following things:
1. Generate a private key and self-signed certificate of the Certificate Authority (CA).
2. Generate a private key and certificate signing request (CSR) for our web server.
3. Use the CA's private key to sign our web server's CSR and get back the signed certificate.
4. Verify if a certificate is valid or not.
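The four steps above as one script, added here as an example (it is not the video's own gen.sh). The subject names, the SAN values and the key and CSR file names are constructed assumptions, and `-nodes` leaves the private keys unencrypted, which is only acceptable for development and testing. It also creates a second, unrelated CA so that step 4 shows a rejected certificate as well as an accepted one.

```shell
#!/usr/bin/env bash
# Added example: subject names, SAN values and key/CSR file names are constructed.
set -eu

# Step 1: CA private key plus self-signed CA certificate.
make_ca() {  # $1 = output dir, $2 = file prefix, $3 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" \
    -subj "/C=XX/O=Example Test CA/CN=$3" 2>/dev/null
}

# Step 2: server private key plus CSR. Step 3: the CA signs the CSR and the
# extension file adds the Subject Alternative Names to the issued certificate.
make_server_cert() {  # $1 = dir, $2 = prefix of the signing CA's files
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$1/server-key.pem" -out "$1/server-req.pem" \
    -subj "/C=XX/O=Example Server/CN=localhost" 2>/dev/null
  printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$1/server-ext.cnf"
  openssl x509 -req -in "$1/server-req.pem" -days 60 \
    -CA "$1/$2-cert.pem" -CAkey "$1/$2-key.pem" -CAcreateserial \
    -out "$1/server-cert.pem" -extfile "$1/server-ext.cnf" 2>/dev/null
}

# Step 4: succeed only if openssl reports "<file>: OK" for the given CA file.
verify_cert() {  # $1 = CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Confirm that the signed certificate really carries the expected SAN entry.
has_san() {  # $1 = certificate, $2 = SAN entry such as DNS:localhost
  openssl x509 -in "$1" -noout -text | grep -qF "$2"
}

DEMO_DIR=$(mktemp -d)
make_ca "$DEMO_DIR" ca "Example Test Root"
make_ca "$DEMO_DIR" other-ca "Unrelated Root"
make_server_cert "$DEMO_DIR" ca
verify_cert "$DEMO_DIR/ca-cert.pem" "$DEMO_DIR/server-cert.pem" \
  && echo "checked against the signing CA: OK"
verify_cert "$DEMO_DIR/other-ca-cert.pem" "$DEMO_DIR/server-cert.pem" \
  || echo "checked against an unrelated CA: rejected"
has_san "$DEMO_DIR/server-cert.pem" "DNS:localhost" && echo "SAN present"
```

If the SAN check fails, the usual cause is that `-extfile` was left out when signing: extensions requested in a CSR are not copied into the certificate by `openssl x509 -req` by default.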
I strongly recommend that you watch this video first to get a deep understanding of SSL/TLS: • A complete overview of...
You can also read this in text format on DEV: dev.to/techsch...
---
Credit:
Desktop wallpaper is a photo by Scott Taylor on Unsplash:
unsplash.com/p...
Man, I even took a 3 hour Pluralsight course on this. But none were as good as yours. You're just incredibly awesome.
Wow, thanks!
Pluralsight is highly overrated!
I wish every tech video on YouTube is like this.
Thanks!
Beauty.... Thank you so much.. I was trying to setup self signed certs in my controlled environment and I was always confused about all this. You made it very simple... Awesome
You got this!
badass job! one of the best SSL videos I've ever watched!
Thank you!
Your tutorial was so helpful, especially for the Subject Alternative Name Section in the Certificates. Thanks a ton, you rock!!
Awesome, thank you!
WOW...!!! To actually see some of these commands used, and how they is priceless... Thank you...!!!
Don't stop now... Hope you'll make more videos explaining some of the options for various commands..
Thanks, will do!
This is simply excellent and exactly what I have been looking for weeks in the past.
Thanks bud.
Glad I could help!
Man that last video was very good! I couldn't understand everything but it's a piece of good knowledge!
Glad to hear that!
Thank you for the tutorial.
I really enjoyed watching both videos(this & SSL/TLS overview).
Thanks! Glad you enjoyed it!
What a surprise that you are Vietnamese. Please let me send you my greetings and thank you for the video.
Thanks em!
Thank you very much, you saved me ton of time understanding openssl to create self signed certificate.
Great to hear!
Thank you so much
That was exactly what I was looking for !!!
Glad I could help!
Thanks for the detailed explanation. It is simply awesome!
I have a question: in my project I want to use a .p12 format certificate file for SSL web server hosting and SSL pinning at the client app end. Could you please let me know how to create a .p12 using the .pem files you created?
I think you can use the openssl pkcs12 command to convert the file
man.openbsd.org/openssl#pkcs12
Here are some tutorials:
www.paypal.com/us/smarthelp/article/how-do-i-convert-my-pem-format-certificate-to-pkcs12-as-required-by-the-java-and-.net-sdks-ts1020
help.hcltechsw.com/appscan/Standard/9.0.3/en-US/t_ConvertthepfxCertificatetopemFormat068.html
Do you have any video which uses these pem files, not sure which one to use? like how can I use this for mongodb ssl or how can I use it for springboot app?
Yeah, you can take a look at these 2 videos:
ua-cam.com/video/jmqLJMFS_yI/v-deo.html
ua-cam.com/video/cDSQM322Vh4/v-deo.html
I followed your video to generate the files for using haproxy with SSL. I got all the files exactly as you did and I ran openssl verify -CAfile ca-cert.pem server-cert.pem which says server-cert.pem: OK. In order to make haproxy with SSL to work, I need to have only one .pem file which contains the private key, the certificate and the chain values. Can you tell me what content of those files generated need to be used by order of importance in order to create the latest .pem file for haproxy ? Thank you
Excellent! tried on linux and Chrome / Firefox recognize the ca-cert-pem without any issues, but it didn't work on Windows (Chrome /internet explorer). is there any conversion need to be done?
Hey bro. Help me with this question: With tls you can still read the email and secret (maybe password) sent from the client to the server in the network tab so what exactly is being encrypted?
if you are using gitbash in windows and the -subj option is not working
convert all / to //
because mingw is trying to change the arguments that looks like paths to actual paths which we don't want in this case.
so // will escape that
Thanks for the information!
Great video and explanation. Is there a way to change the notBefore date? I want to rotate certs and need to create certs that have start dates in the future and not at the time of creation, so just wondering if there's a way to change the startdate or notBefore date, thanks.
Super helpful, thanks !
Can this CA be used for https proxying, like Burp Suite's CA does?
man, that was a wonderful explanation. good job
Much appreciated!
This is brilliant work! Thank you so much for this. :)
Thank you!
How do I implement it on my own webserver and host? Do you have a video for that? Nice video. I subbed!
If you are on Mac and when you are using ./gen.sh command and you get "permission denied" error, then you have to give it the execution permission by using "chmod +x ./gen.sh" command (you are in your file folder). And then try to run ./gen.sh one more time. It should work now.
Thanks for the tip!
great tutorial as usual
Thanks again!
Great video, thank you
This is super !
Thanks!
Amazing tutorial, thank you very much!
Glad it was helpful!
I skipped creating 'server.ext.cnf' for some reason it returned an error. I got a command not found. But I guess all i need for now for server testing purposes are the the key and cert files. huge help, appreciate it!
Thanks for watching!
Using the generated certificate to configure HTTPS on the webserver how can we do that ??
Hi Ghazala, I will cover it in one of my video soon.
@TECHSCHOOLGURU thank you
Does open SSL certs allow the use of geolocation API in browsers?
Yes, Benjamin. Browsers often require SSL to enable geolocation.
Wow man thanks very much u really help me
Happy to help!
Anyone please help me to resolve the below error.
Can't open server-ext.cnf for reading, No such file or directory
Hi Vinay, you just need to create that file. Please check out the code here:
github.com/techschool/pcbook-go/blob/master/cert/server-ext.cnf
@TECHSCHOOLGURU thanks for your reply I resolved the issue
Thanks a lot bro
Thanks for the tutorial!
Happy to help!
How do I use this SSl file and connect my wordpress sites with it
Hey Ahmad, I think this kind of self-signed certificate is only suitable for development/testing.
On production, you should use a real certificate. Maybe you can checkout Letsencrypt letsencrypt.org/
thanks, good session on steps of ssl cert generation
Thanks!
Hi Could you please guide me how can i enable TLSv1.1 in openssl
Hi Harsheena,
TLS 1.1 is already deprecated. I think you should use at least TLS 1.2, or better move to TLS 1.3 to be more secure.
You were simply fantastic! Thank you very much.
Thank you!
Great Work
Thank you! Cheers!
OH! Thank you so so much!
Thank you for watching, Shrinidhij!
nice explanation!
Thanks! 😃
Thank you very much!
Welcome!
Thank you for the video
Thanks!
You are from VN ?
Yes, I am
still don't get it, why this stuff is complicated as hell
Hi, maybe you should watch this video first to get a better understanding about TLS: ua-cam.com/video/-f4Gbk-U758/v-deo.html
not visible
why not?
great
Thank you!
Great video, thank you
Glad you liked it!