What is SSL Certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that validates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the way toward scrambling information into an undecipherable arrangement that must be come back to a clear organization with the correct decryption key.
A certificate serves as an electronic “passport” that sets up an online element’s certifications while working together on the Web. When an Internet user attempts to send confidential information to a Web server. The client’s program gets to the server’s digital certificate and establishes a secure connection.
What Is Open SSL?
OpenSSL is an open source implementation of the SSL and TLS protocols. It provides an encryption transport layer on top of the normal communications layer. Allowing it to be intertwined with many network applications and services. The default SSL Profile in the Cloud Management Console has a generic Common Name. When associating an SSL profile to a Gateway Cluster? If using the default SSL Profile, your application making API calls may fail to verify the host name. It is connecting to against the certificate presented. In this case, you can generate a new self-signed certificate that represents a common name your application can validate. This topic tells you how to generate self-signed SSL certificate requests using the OpenSSL toolkit to enable HTTPS connections.
OpenSSL is often used to encrypt authentication of mail clients and to secure web based transactions such as credit card payments. Some ports, such as www/apache24 and databases/postgresql91-server. Include a compile option for building with OpenSSL.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) & Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license. Which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
To Create self-signed SSL certificate on Windows system using OpenSSL follow below Steps.
First install the OpenSSL
1. To create the self-signed SSL certificate first you have to install the OpenSSL application in your windows system. You can download the application from here.
Install the software in “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.
2. After completing the installation open the command prompt
Create a temporary directory “demo”
> cd demo
> set RANDFILE=c:\demo\.rnd
set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
3. Now lunch the openssl.exe by running the below command
> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”
Use the “” to run the command
4. Now you have to create key file for your CA certificate
> genrsa -out can.key 2048
5. Now create the root CA certificate using the key file
> req -new -x509 -days 1826 -key can.key -out canew.crt
It will ask for some details like Country Name, Sate, City, Organization Name FQDN name. FQDN name should be your domain name who have the certificate authority of your domain.
6. Now generate public key for your application SSL certificate.
>genrsa -out ianew.key 2048
7. Now create a CSR with the newly created public key “ianew.key”
> req -new -key ianew.key -out ianew.csr
It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be your host/computer FQDN name of you web server or application server.
8. Now singed the csr certificate with you root CA certificate which you created in step no 2.
> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt
Now your self sign-certificate is ready You have to install the root ca certificate on your client system to avoid the certificate error.
Now you can deploy the self-signed SSL certificate to your web server hosted in Windows or Linux. This easy way you can create self-signed SSL certificate on Windows by using OpenSSL.