Linux OpenSSL Self Signed Certificate
Create RSA Private Certificate Key
With this key, we can create a certificate request and even self-sign our own certificate.
Here we are going to create a 2048-bit key.
OpenSSL requests a pass phrase for the key; the -aes256 option encrypts the key file with it.
$ openssl genrsa -aes256 -out openssl_rsa_private_key.key 2048
Output when the pass phrase is too short:
Enter PEM pass phrase:
80DBD8FDB27F0000:error:14000065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:884:You must type in 4 to 1024 characters
Output when we provide the pass phrase:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
$ ls
openssl_rsa_private_key.key
Display RSA Private Certificate Key Info
OpenSSL will ask for the pass phrase. The -text option prints every component of the private key, so treat this output as secret.
$ openssl rsa -in openssl_rsa_private_key.key -text
Output:
Enter pass phrase for openssl_rsa_private_key.key:
Private-Key: (2048 bit, 2 primes)
modulus:
00:b7:f6:2d:87:09:ec:35:1f:70:b3:74:22:f4:24:
d0:a9:9e:bb:a5:ed:76:d8:08:6f:bb:44:c1:be:90:
...
d7:8c:ca:9b:2c:a3:b3:40:9c:d7:bd:b7:58:26:28:
41:92:0d:a4:97:b4:5e:1e:b2:d6:c9:e7:1d:00:98:
6e:cd
publicExponent: 65537 (0x10001)
privateExponent:
15:e0:dd:12:c7:9b:14:49:50:33:c3:7e:e9:b6:dc:
2b:24:21:f0:8e:b0:98:ea:4d:f1:81:70:a2:5b:90:
...
9a:34:e9:ce:44:11:2b:51:b5:83:23:24:37:15:59:
52:7e:b7:92:e0:72:02:00:7d:c3:a5:00:9d:1c:7e:
51
prime1:
00:f9:4a:8b:ea:e8:29:ac:7b:21:2f:9c:4f:c5:8c:
ad:ad:e6:52:0d:cf:4f:02:cd:90:9c:e0:a9:e8:ea:
...
8e:a5:c8:be:75:3f:f6:8c:3d:81:e6:d5:37:b9:0c:
2e:21:98:75:7f:e2:dc:f2:b1
prime2:
00:bc:e9:8d:a3:67:d1:52:15:30:e3:9b:01:cd:0d:
9c:7b:4f:ab:84:cd:f9:0b:9b:85:a7:01:d1:49:8c:
...
a3:46:51:46:fa:c0:e5:9a:1b:6b:5c:bf:ee:be:33:
45:d7:aa:dc:ab:bc:8c:ac:dd
exponent1:
70:8f:17:43:f6:95:b2:7a:5a:0e:9c:3e:6c:8d:4b:
72:44:97:72:02:d3:c3:09:3c:2d:89:47:4e:92:94:
...
d1:4e:25:a8:dd:3b:9e:30:bb:71:95:7e:36:80:68:
67:e4:e5:d0:db:87:35:d1
exponent2:
02:d0:f4:84:98:1a:9d:bf:a5:1f:ef:82:a2:5c:ee:
95:44:05:c9:90:0c:83:68:c9:20:49:3d:a6:7c:09:
...
03:8b:58:a4:8a:55:a1:eb:80:b9:3c:3f:41:e4:9f:
c8:ec:4a:27:e1:42:b3:9d
coefficient:
41:03:82:1b:de:0b:b0:f8:34:4a:1d:a2:5d:a8:ac:
ca:25:cc:c6:73:7d:c9:ef:fd:49:47:c4:8a:78:bc:
...
c5:f2:9e:da:91:17:af:0f:d9:03:35:ae:9c:1b:f7:
c2:25:8e:61:ea:1f:6a:e3
writing RSA key
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC39i2HCew1H3Cz
dCL0JNCpnrul7XbYCG+7RMG+kD4/qUFDJhKU6yBhcA5A/CtLpTHKsHNpS03HmwEJ
...
JczGc33J7/1JR8SKeLwHDg1qcQ/LgIVIzJFrkw8JQHwaV97hPTVnPJPH6BKbyMnQ
EQDO5jX7bo1tbhW4Nb10F8X5WKu8Di0pW2G6Fn+9RvhlxXUYGZWq1ZHF8p7akRev
D9kDNa6cG/fCJY5h6h9q4w==
-----END PRIVATE KEY-----
Clear Key Pass Phrase
OpenSSL will ask for the pass phrase.
$ openssl rsa -in openssl_rsa_private_key.key -out openssl_rsa_private_key_no_pass.key
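Now if we run the same display key info command on openssl_rsa_private_key_no_pass.key, OpenSSL will not ask for a pass phrase. The new file holds the private key unencrypted, so keep its file permissions restricted to the owner.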
Create Certificate Request
$ openssl req -new -key openssl_rsa_private_key_no_pass.key -out letslearntogether.csr
Output:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:MD
Locality Name (eg, city) [Default City]:Rockville
Organization Name (eg, company) [Default Company Ltd]:Lets Learn Together LLC
Organizational Unit Name (eg, section) []:Operations
Common Name (eg, your name or your servers hostname) []:letslearntogether.info
Email Address []:info@letslearntogether.info
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Self Sign the Certificate
The self-signed certificate will be valid for 365 days.
$ openssl x509 -req -days 365 -in letslearntogether.csr -signkey openssl_rsa_private_key_no_pass.key -out letslearntogether.crt
Output:
Certificate request self-signature ok
subject=C = US, ST = MD, L = Rockville, O = Let's learn Together LLC, OU = Operations, CN = letslearntogether.info, emailAddress = info@letslearntogether.info
Display Certificate Information
$ openssl x509 -in letslearntogether.crt -text
Output:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
2f:24:f4:c1:78:3a:0f:4b:01:12:6a:4f:f4:32:a5:00:d3:cc:cb:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = MD, L = Rockville, O = Let's learn Together LLC, OU = Operations, CN = letslearntogether.info, emailAddress = info@letslearntogether.info
Validity
Not Before: Sep 25 14:32:31 2022 GMT
Not After : Sep 25 14:32:31 2023 GMT
Subject: C = US, ST = MD, L = Rockville, O = Let's learn Together LLC, OU = Operations, CN = letslearntogether.info, emailAddress = info@letslearntogether.info
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
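The steps above can also be run without prompts and then checked. The script below is an added example, not part of the original page: it reuses the page's file names and subject, passes a constructed pass phrase through the environment, and its function names (make_self_signed, key_is_encrypted, key_matches_cert, self_signature_ok, valid_about_365_days) are chosen here for illustration.

```shell
#!/bin/sh
# Added example: the page's commands without prompts, followed by checks.
# File names and subject follow the page; the pass phrase is a constructed value.

make_self_signed() {   # $1 = output directory, $2 = pass phrase
    umask 077          # new key files are readable by the owner only
    mkdir -p "$1" || return 1
    key="$1/openssl_rsa_private_key.key"
    nopass="$1/openssl_rsa_private_key_no_pass.key"
    csr="$1/letslearntogether.csr"
    crt="$1/letslearntogether.crt"
    subj="/C=US/ST=MD/L=Rockville/O=Lets Learn Together LLC/OU=Operations"
    subj="$subj/CN=letslearntogether.info/emailAddress=info@letslearntogether.info"
    # env: keeps the pass phrase out of the command-line arguments.
    KEYPASS="$2" openssl genrsa -aes256 -passout env:KEYPASS -out "$key" 2048 &&
    KEYPASS="$2" openssl rsa -in "$key" -passin env:KEYPASS -out "$nopass" &&
    openssl req -new -key "$nopass" -subj "$subj" -out "$csr" &&
    openssl x509 -req -days 365 -in "$csr" -signkey "$nopass" -out "$crt"
}

key_is_encrypted() {   # the PEM header marks a pass-phrase-protected key
    head -n 2 "$1" | grep -q ENCRYPTED
}

key_matches_cert() {   # $1 = unencrypted key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]   # same public key in both files
}

self_signature_ok() {  # a self-signed certificate verifies against itself
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

valid_about_365_days() {  # still valid in 364 days, expired in 366
    openssl x509 -in "$1" -noout -checkend $((364 * 86400)) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $((366 * 86400)) >/dev/null
}

work=$(mktemp -d)
make_self_signed "$work" 'constructed-demo-pass' >/dev/null 2>&1
key_is_encrypted "$key"           && echo "protected key is encrypted"
key_is_encrypted "$nopass"        || echo "no-pass key is stored in the clear"
key_matches_cert "$nopass" "$crt" && echo "certificate carries this key's public half"
self_signature_ok "$crt"          && echo "self-signature verifies"
valid_about_365_days "$crt"       && echo "validity is 365 days"
```

The key_matches_cert check is the one to run before installing a certificate next to a key: a mismatch between the two files is a common cause of a server refusing to start TLS.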