Skip to main content

Self-Signed Certificate and How to Create a Using OpenSSL

Self-Signed Certificate and How to Create a Using OpenSSL



SSL is for Secure Socket Layer is To secure connection an SSL Certificate is used which is commonly used on web servers.


SSL Certificates mainly serve two functions:

  • Authenticates the identity of the servers (so that users know that they are not sending their information to the wrong server).
  • Encrypts the data that is being transmitted.

Mostly we use CA Certification Authority(Go-Daddy, Verisign, etc..) as a trusted certificate. 
But we can also use a self-signed certificate. 

Self Signed Certificate

A self-signed certificate is a certificate that is signed by its own creator rather than a trusted authority. 
These are less trustworthy as an attacker can create a self-signed certificate and launch a middle attack.

Self-signed certificates in scenarios like:

1) Intranet.
2) Personal sites with few visitors.
3) Development or Testing phase of the application.


Don't use a self-signed certificate for the application that transmits critical data.


How to Create a Self-Signed Certificate Using OpenSSL

OpenSSL is a command-line tool that is used for TLS (Transport Layer Security) and SSL (Secure Socket Layer) protocols.

On Linux please run below commands:

1) openssl genrsa -out server.key 2048 ---> Generate Private key
2) openssl req -new -key server.key -out server.csr ---> Generate a Certificate Signing Request CSR.
3) openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt ---> Self sign the Certificate

[root@oel7 ~]# pwd
/root
[root@oel7 ~]# mkdir certificates
[root@oel7 ~]# pwd
/root
[root@oel7 ~]# cd certificates/
[root@oel7 certificates]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
....+++
................+++
e is 65537 (0x10001)
[root@oel7 certificates]# ls -ltr
total 4
-rw-r--r-- 1 root root 1679 Mar 28 18:09 server.key
[root@oel7 certificates]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi        
Locality Name (eg, city) [Default City]:Delhi
Organization Name (eg, company) [Default Company Ltd]:Funoracleapps Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:*.lab
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@oel7 certificates]# ls -ltr
total 8
-rw-r--r-- 1 root root 1679 Mar 28 18:09 server.key
-rw-r--r-- 1 root root 1001 Mar 28 18:11 server.csr
[root@oel7 certificates]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=IN/ST=Delhi/L=Delhi/O=Funoracleapps Ltd/OU=IT/CN=*.lab
Getting Private key
[root@oel7 certificates]# ls -ltr
total 12
-rw-r--r-- 1 root root 1679 Mar 28 18:09 server.key
-rw-r--r-- 1 root root 1001 Mar 28 18:11 server.csr
-rw-r--r-- 1 root root 1200 Mar 28 18:12 server.crt


I am giving *.domain_name as the CN name to use for multiple servers within the domain.





If you like please follow and comment
Labels:

Comments

Post a Comment

Popular posts from this blog

WebLogic migration to OCI using WDT tool

WebLogic migration to OCI using WDT tool Oracle WebLogic Deploy Tool (WDT) is an open-source project designed to simplify and streamline the management of Oracle WebLogic Server domains. With WDT, you can export configuration and application files from one WebLogic Server domain and import them into another, making it a highly effective tool for tasks like migrating on-premises WebLogic configurations to Oracle Cloud. This blog outlines a detailed step-by-step process for using WDT to migrate WebLogic resources and configurations. Supported WLS versions Why Use WDT for Migration? When moving Oracle WebLogic resources from an on-premises environment to Oracle Cloud (or another WebLogic Server), WDT provides an efficient and reliable approach to: Discover and export domain configurations and application binaries. Create reusable models and archives for deployment in a target domain. Key Pre-Requisites Source System: An Oracle WebLogic Server with pre-configured resources such as: Applica...
Post a Comment
Read more

How to Validate TDE Wallet Password in Oracle Database

How to Validate TDE Wallet Password in Oracle Database Validating the Transparent Data Encryption (TDE) wallet password is crucial, especially when ensuring that the password is correct without using the OPEN or CLOSE commands in the database. This blog post explains a straightforward method to validate the TDE password using the mkstore utility. Steps to Validate TDE Wallet Password Follow these steps to validate the TDE wallet password: Step 1: Copy the Keystore/Wallet File Navigate to your existing TDE wallet directory. Copy only the ewallet.p12 file to a new directory. If a cwallet.sso file exists, do not copy it . The absence of cwallet.sso ensures that the wallet does not use auto-login, forcing the utility to prompt for the password. Step 2: Validate Using mkstore Use the mkstore utility to check the contents of the wallet file. The mkstore utility will prompt you for the TDE wallet password, allowing you to validate its correctness. Command Syntax To display the conten...
Post a Comment
Read more

Rename a PDB in Oracle Database Multitenant Architecture in TDE and Non TDE Environment

Rename a PDB in Oracle Database Multitenant Architecture I am sharing a step-by-step guide to help you rename a PDB. This approach uses SQL commands. Without TDE or encryption Wallet Initial Check Check the Current Database Name and Open Mode: SQL > SELECT NAME, OPEN_MODE FROM V$DATABASE; NAME OPEN_MODE --------- -------------------- BEECDB READ WRITE List Current PDBs: SQL > SHOW PDBS; CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------ ---------- ---------- 2 PDB$SEED READ ONLY NO 3 FUAT READ WRITE NO We need to RENAME FUAT to BEE  Steps to Rename the PDB Step 1: Export ORACLE_SID Set the Oracle SID to the Container Database (CDB): export ORACLE_SID=BEECDB Step 2: Verify Target PDB Name Availability If the target PDB name is different from the current PDB name, ensure no service exists with the target PDB name. Run SQL to Check Exi...
Post a Comment
Read more