Hi everyone, in this post I will teach you to create your own certification authority for digital certificates like ssl. We will need openSSL.
Step 1
First, download openSSL from https://slproweb.com/products/Win32OpenSSL.html . Then extract the file and rename the extracted folder to OpenSSL-Win32. Then move the folder to C:\ .
Then open an app in windows called Edit the system environment variables.
Open the app. Then Select Environment Variables at the bottom.
Then Select PATH at the top
Then Click edit. Then click new and Type C:\OpenSSL-Win32 and press the OK button on all windows. Now open cmd and type openssl. If you get OpenSSL> then you have successfully installed openssl. Otherwise, trying installing it again.
Step 2
Now create a batch file with the following code.
@echo off
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
set /p domain=Enter Domain To Issue Certificate To:
mkdir %domain%
copy myCA.key %domain%
copy myCA.pem %domain%
copy myCA.srl %domain%
cd %domain%
goto :generate_cert
:generate_cert
pause
openssl genrsa -out %domain%.key 2048
pause
openssl req -new -key %domain%.key -out %domain%.csr
pause
echo. 2> %domain%.ext
echo authorityKeyIdentifier=keyid,issuer > %domain%.ext
echo basicConstraints=CA:FALSE >> %domain%.ext
echo keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment >> %domain%.ext
echo subjectAltName = @alt_names >> %domain%.ext
echo [alt_names] >> %domain%.ext
echo DNS.1 = %domain% >> %domain%.ext
pause
openssl x509 -req -in %domain%.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out %domain%.crt -days 825 -sha256 -extfile %domain%.ext
pause
:end
pauseAnd save it as create.bat . Now run it and enter all the details, you should have your Certificate Authority and Your First Certificate.
Done!
January 6, 2021 at 1:15 pm
Hope you like the post.