
How to generate a self-signed certificate with OpenSSL (using Git Bash on Windows)

I recently needed to generate a self-signed certificate to test a website locally. I wasn't familiar with the process, and I wanted to share here what I learned.

First, we need a private key. A private key is a long series of characters that must be kept secret. In my context, it will be used to encrypt messages between the client and the server, in a way secure enough to prevent anybody from spying on them.

Once the private key is created, we need to generate another file that will be the "signature" of our certificate. Among other data, this file will contain some information specific to the server's context: country, organization's name, email address of the organization's technical contact, etc.

Once this signature is established, there are two paths:

- Path A: If we want our server to be publicly accessible, every browser in the world must be able to trust the certificate. For that to happen, we need to send our signature file to one of the official SSL certificate authorities (Comodo SSL, Symantec SSL, etc.). Those authorities are known by every browser. This request, which carries the signature file, is called a Certificate Signing Request (CSR).

- Path B: For local use, it's also possible to self-sign the certificate. If we were to use this certificate in a public context, the web browsers would display a security alert to the user, saying that the certificate cannot be trusted.

All those steps can be done with openssl. I have created a bash script to make the process easier and not have to remember each command. You can find it in the gist on GitHub here. This script will ask you for the required information and generate a self-signed certificate (so not to be used for a public server). The comments in the file should be enough to match the steps described in this article.
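The three steps (private key, signature file, self-signing) can be written as a short script with verification checks. This is an added example, not the gist mentioned above; the function names, file names, subject values and the 30-day validity are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the author's gist). Subject fields, file names and the
# 30-day default are assumptions chosen for a local test site.

make_self_signed() {
  local dir="$1" cn="${2:-localhost}" days="${3:-30}"
  local key="$dir/server.key" csr="$dir/server.csr" crt="$dir/server.crt"

  # Step 1: private key, created with owner-only permissions.
  ( umask 077; openssl genrsa -out "$key" 2048 ) || return 1

  # Step 2: the "signature" file (CSR) with the server's details.
  # MSYS_NO_PATHCONV=1 stops Git Bash on Windows from rewriting the
  # leading "/" of -subj into a Windows path; it is ignored elsewhere.
  MSYS_NO_PATHCONV=1 openssl req -new -key "$key" -out "$csr" \
    -subj "/C=US/O=Example Dev/CN=$cn" || return 1

  # Step 3 (Path B): sign the CSR with our own key instead of sending it
  # to an authority. Browsers match the host name against subjectAltName.
  printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/san.ext"
  openssl x509 -req -in "$csr" -signkey "$key" -days "$days" -sha256 \
    -extfile "$dir/san.ext" -out "$crt" || return 1
}

# True when issuer and subject are the same name (quick self-signed check).
is_self_signed() {
  local s i
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
  [ -n "$s" ] && [ "$s" = "$i" ]
}

# True when the certificate carries the public half of the given key.
cert_matches_key() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: ./selfsign.sh <existing-dir> [common-name] [days]
if [ "$#" -ge 1 ]; then
  make_self_signed "$@" && is_self_signed "$1/server.crt" \
    && cert_matches_key "$1/server.crt" "$1/server.key" && echo "certificate OK"
fi
```

The generated `server.key` never leaves the machine; only `server.crt` is given to the web server's clients.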
