Skip to main content

How to generate a self-signed certificate with Openssl (using git windows bash)

I recently needed to generate a self-signed certificate to test a website locally. I wasn't familiar with the process, and I wanted to share here what I learned.

First, we need a private key. A private key is a long series of characters that must be kept secret. In my context, it will be used to encrypt messages before the client and the server, in a way secure enough to prevent anybody to spy on them.

Once the private key is created, we need to generate another file that will be the "signature" of our certificate. Among other data, this file will contains some information specific to the server's context: country, organization's name, email address of the organization's technical contact, etc.

Once this signature is established, there are two paths:

- Path A: If we want our server to be publicly accessible, every browser in the world must able to trust the certificate. In order for that to happen, we need to send our signature file to one of the official SSL Certificate authorities (Comodo SSL, Symantec SSL, etc.). Those authorities are known by every browsers. Sending the signature file is called a Certificate Signing Request (CSR).

- Path B: For local use, it's also possible to self-signed the certificate. If we were to use this certificate in a public context, the web browsers would display a security alert to the user, saying that the certificate cannot be trusted.

 All those steps can be done with openssl. I have created a bash script to make the process easier and not have to remember each command. You can find it the gist on github here. This script will ask you for the required information, and generate a self-signed certificate (so not to be used for a public server). The comments in the file should be enough to match with the steps described in this article

Labels:

Comments

Post a Comment

Popular posts from this blog

Fixing x-invalid-end-tag lint error on Vuejs

  My situation is: Coding with vue in a Vue file. Using the Vetur plugin in VS code It then generates an error of type x-invalid-end-tag in a quite random fashion. To solve it, I have found one simple trick in this github issue: // .eslintrc.js module.exports = {  //... rules:  { 'vue/no-parsing-error': [2, { 'x-invalid-end-tag': false }]  }  }
Post a Comment
Read more

Installing Postgres on Linux Lite (Ubuntu)

I have followed these instructions from the Postgres documentation : # Create the file repository configuration: sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' # Import the repository signing key: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - # Update the package lists: sudo apt-get update # Install the latest version of PostgreSQL. # If you want a specific version, use 'postgresql-12' or similar instead of 'postgresql': sudo apt-get -y install postgresql   After that, I was having trouble authenticating to Postgresql after installing the db server on Linux Lite.  This stackoverflow answer was very helpful. Open the file pg_hba.conf . For Ubuntu, use for example /etc/postgresql/13/main$ sudo nano pg_hba.conf and change this line at the bottom of the file, it should be the first line of the settings: local all ...
Post a Comment
Read more