OpenSSL 3.0.2 – Generate a Private Key, CSR and a self-signed certificate

OpenSSL 3.0.2
Ubuntu 22.04 LTS (jammy)

OpenSSL is a useful command line tool for tasks related to PKI activities. In this tutorial I will show you how to generate a self-signed certificate so that you can use it for your lab, test or demo environment using RSA key. This will provide you a very basic understanding of the steps required to generate a self-signed certificate. You can use the CSR to request for a commercial certificate as well, you just need to take note what are the required fields / information that you need to provide to generate the type of commercial certificate that you need.

You can read more about OpenSSL at the official OpenSSL website.

https://openssl.org/docs/

Basic components to understand for this tutorial are as follow:

Certificate Signing Request (CSR) optional for self-signed certificate for a single web server.
Private Key
SSL Certificate.

Certificate Signing Request (CSR) as its name suggest is a public key from a key pair and information predominately about your organization such as FQDN, DN and etc, that you use to request for a certificate. You do not really need a CSR if all you want is a self-signed certificate for a test server and you are not going to reuse the CSR to generate a new certificate. However if you are going to request a certificate from a private Certificate Authority or or requesting for a Commercial Certificate then a CSR is needed to achieve that.

To generate the CSR you will need OpenSSL. in most new Ubuntu Distribution you should have OpenSSL installed. Having a CSR means you do not need to key in all the information again when you want to generate a new certificate when it expired.

openssl req \
-newkey rsa:2048 \
-nodes -keyout <domain.key> \
-out <domain.csr>

For self-signed certificate the private key is a key component to it. You can use the private key to generate a new certificate without the CSR. You will need to key in all the necessary information for the first time.
1. By issuing the command below you will get the private key <domain.key>
2. The certificate <domain.crt>

openssl req \
-newkey rsa:2048 \
-nodes -keyout <domain.key> \
-x509 -days 365 -out <domain.crt>

The above command will generate a X.509 certificate encoded in ASCII PEM format.

I am going to show you how you can use the certificate that you have just generated in a simple Python HTTP Server with SSL.

https://dracocyberlinux.com/python-3-10-4-http-server-with-ssl-using/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

OpenSSL 3.0.2 – Generate a Private Key, CSR and a self-signed certificate

Recent Posts

Recent Comments

Archives

Categories

OpenSSL 3.0.2 – Generate a Private Key, CSR and a self-signed certificate

Related Posts

How to Change your Bash Prompt Permanently – Ubuntu 22.04

Python 3.10.4 – http.server HTTP servers

Python 3.10.4 – HTTP Server with SSL using

Recent Posts

Recent Comments

Archives

Categories