@ragecryx
Forked from Eng-Fouad/ssl-certs.md
Created December 13, 2023 11:16

Revisions

  1. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ssl-certs.md
    @@ -11,7 +11,7 @@
    - `O` = organizationName, the company name.
    - `L` = localityName, the city.
    - `S` = stateName, the state.
    - `C` = country, the 2-letters code of the country.
    - `C` = country, the 2-letter code of the country.

    > Note: This step can be done using openssl but it's more complicated.
  2. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions ssl-certs.md
    @@ -13,8 +13,6 @@
    - `S` = stateName, the state.
    - `C` = country, the 2-letters code of the country.

    > Note: Import myKeystore.p12 into browsers to trust it. Add it to "Trusted Root Certification Authorities" certificate store. Use the password MY_PASSWORD.
    > Note: This step can be done using openssl but it's more complicated.
    2- Create the public certificate (has the header `-----BEGIN CERTIFICATE-----`):
    @@ -26,6 +24,8 @@ Using `keytool`:
    Or using `openssl`:

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nokeys -out public-certificate.pem

    > Note: Import public-certificate.pem into browsers to trust it. Add it to "Trusted Root Certification Authorities" certificate store.
    3- Export the private key (has the header `-----BEGIN PRIVATE KEY-----`):
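    Review bot: the note added after the `openssl pkcs12 ... -nokeys` command names "Trusted Root Certification Authorities", which is the Windows certificate store; name the platform, since other browsers and operating systems keep their own trust stores under different names. Moving the import from myKeystore.p12 to public-certificate.pem is right, since the PEM written with `-nokeys` carries no private key.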

  3. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 8 additions and 8 deletions.
    16 changes: 8 additions & 8 deletions ssl-certs.md
    @@ -4,14 +4,14 @@

    keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias KEYSTORE_ENTRY -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=My Team, O=My Company, L=My City, ST=My State, C=SA" -ext san=dns:mydomain.com,dns:localhost,ip:127.0.0.1

    - `myKeystore.p12` -> keystore filename. It can with .pfx extension as well.
    - `MY_PASSWORD` -> password used for the keystore and the private key as well.
    - `CN` -> commonName, it will be shown as certiciate name in certificates list.
    - `OU` -> organizationUnit, department name for example.
    - `O` -> organizationName, the company name.
    - `L` -> localityName, the city.
    - `S` -> stateName, the state.
    - `C` -> country, the 2-letters code of the country.
    - `myKeystore.p12` = keystore filename. It can with .pfx extension as well.
    - `MY_PASSWORD` = password used for the keystore and the private key as well.
    - `CN` = commonName, it will be shown as certiciate name in certificates list.
    - `OU` = organizationUnit, department name for example.
    - `O` = organizationName, the company name.
    - `L` = localityName, the city.
    - `S` = stateName, the state.
    - `C` = country, the 2-letters code of the country.

    > Note: Import myKeystore.p12 into browsers to trust it. Add it to "Trusted Root Certification Authorities" certificate store. Use the password MY_PASSWORD.
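    Review bot: the `S` entry in the list does not match the command above it, where `-dname` uses `ST=My State`; rename the entry to `ST` so readers copy the attribute keyword the command actually uses. While these lines are being touched, "It can with .pfx extension" is missing a verb ("It can have a .pfx extension") and "certiciate" should be "certificate".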
  4. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ssl-certs.md
    @@ -1,4 +1,4 @@
    ##Steps to generate self-signed PKCS#12 SSL certificate and export its keys:
    ## Steps to generate self-signed PKCS#12 SSL certificate and export its keys:
    1- Create PKCS#12 keystore (.p12 or .pfx file)

  5. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ssl-certs.md
    @@ -1,4 +1,4 @@
    - Steps to generate self-signed PKCS#12 SSL certificate and export its keys:
    ##Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

    1- Create PKCS#12 keystore (.p12 or .pfx file)

  6. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 10 additions and 10 deletions.
    20 changes: 10 additions & 10 deletions ssl-certs.md
    @@ -4,14 +4,14 @@

    keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias KEYSTORE_ENTRY -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=My Team, O=My Company, L=My City, ST=My State, C=SA" -ext san=dns:mydomain.com,dns:localhost,ip:127.0.0.1

    - myKeystore.p12 -> keystore filename. It can with .pfx extension as well.
    - MY_PASSWORD -> password used for the keystore and the private key as well.
    - CN -> commonName, it will be shown as certiciate name in certificates list.
    - OU -> organizationUnit, department name for example.
    - O -> organizationName, the company name.
    - L -> localityName, the city.
    - S -> stateName, the state.
    - C -> country, the 2-letters code of the country.
    - `myKeystore.p12` -> keystore filename. It can with .pfx extension as well.
    - `MY_PASSWORD` -> password used for the keystore and the private key as well.
    - `CN` -> commonName, it will be shown as certiciate name in certificates list.
    - `OU` -> organizationUnit, department name for example.
    - `O` -> organizationName, the company name.
    - `L` -> localityName, the city.
    - `S` -> stateName, the state.
    - `C` -> country, the 2-letters code of the country.

    > Note: Import myKeystore.p12 into browsers to trust it. Add it to "Trusted Root Certification Authorities" certificate store. Use the password MY_PASSWORD.
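    Review bot: the `MY_PASSWORD` entry says one password protects both the keystore and the private key, and the command passes it as `-storepass MY_PASSWORD`, so it ends up in shell history and is visible in the process list while keytool runs. Suggest documenting that `-storepass` can be left off so that keytool prompts for the password instead.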
    @@ -29,8 +29,8 @@ Or using `openssl`:

    3- Export the private key (has the header `-----BEGIN PRIVATE KEY-----`):

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nodes -nocerts -out private-key.pem
    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nodes -nocerts -out private-key.key

    4- Export the public key from the private key (has the header `-----BEGIN PUBLIC KEY-----`):

    openssl rsa -in private-key.pem -pubout > public-key.pub
    openssl rsa -in private-key.key -pubout > public-key.pub
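    Review bot: step 3 uses `-nodes`, so private-key.key is written unencrypted, and the rename from .pem to .key changes neither that nor the PEM encoding of the file. Add a line saying so and recommending that the file be readable only by its owner (for example `chmod 600 private-key.key`); the `-password pass:MY_PASSWORD` argument also puts the keystore password on the command line.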
  7. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions ssl-certs.md
    @@ -1,6 +1,6 @@
    - Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

    1. Create PKCS#12 keystore (.p12 or .pfx file)
    1- Create PKCS#12 keystore (.p12 or .pfx file)

    keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias KEYSTORE_ENTRY -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=My Team, O=My Company, L=My City, ST=My State, C=SA" -ext san=dns:mydomain.com,dns:localhost,ip:127.0.0.1

    @@ -17,7 +17,7 @@
    > Note: This step can be done using openssl but it's more complicated.
    3. Create the public certificate (has the header `-----BEGIN CERTIFICATE-----`):
    2- Create the public certificate (has the header `-----BEGIN CERTIFICATE-----`):

    Using `keytool`:

    @@ -27,10 +27,10 @@ Or using `openssl`:

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nokeys -out public-certificate.pem

    4. Export the private key (has the header `-----BEGIN PRIVATE KEY-----`):
    3- Export the private key (has the header `-----BEGIN PRIVATE KEY-----`):

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nodes -nocerts -out private-key.pem

    5. Export the public key from the private key (has the header `-----BEGIN PUBLIC KEY-----`):
    4- Export the public key from the private key (has the header `-----BEGIN PUBLIC KEY-----`):

    openssl rsa -in private-key.pem -pubout > public-key.pub
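    Review bot: `3-` and `4-` are not ordered-list markers in Markdown, so after this change the steps render as plain paragraphs rather than a numbered list. If the aim was only to close the gap in the numbering (the old steps ran 1, 3, 4, 5), `3.` and `4.` with the commands indented under each item would keep the list structure.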
  8. @Eng-Fouad Eng-Fouad renamed this gist Jun 26, 2017. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  9. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ssl-certs.txt
    @@ -1,4 +1,4 @@
    - Steps to generate self-signed SSL certificate and export its keys:
    - Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

    1. Create PKCS#12 keystore (.p12 or .pfx file)
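    Review bot: "self-signed PKCS#12 SSL certificate" in the new title reads as if PKCS#12 were a kind of certificate; it is the keystore format that step 1 creates. Suggest "Steps to generate a self-signed SSL certificate in a PKCS#12 keystore and export its keys".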

  10. @Eng-Fouad Eng-Fouad revised this gist Jun 26, 2017. No changes.
  11. @Eng-Fouad Eng-Fouad created this gist Jun 26, 2017.
    36 changes: 36 additions & 0 deletions ssl-certs.txt
    @@ -0,0 +1,36 @@
    - Steps to generate self-signed SSL certificate and export its keys:

    1. Create PKCS#12 keystore (.p12 or .pfx file)

    keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias KEYSTORE_ENTRY -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=My Team, O=My Company, L=My City, ST=My State, C=SA" -ext san=dns:mydomain.com,dns:localhost,ip:127.0.0.1

    - myKeystore.p12 -> keystore filename. It can with .pfx extension as well.
    - MY_PASSWORD -> password used for the keystore and the private key as well.
    - CN -> commonName, it will be shown as certiciate name in certificates list.
    - OU -> organizationUnit, department name for example.
    - O -> organizationName, the company name.
    - L -> localityName, the city.
    - S -> stateName, the state.
    - C -> country, the 2-letters code of the country.

    > Note: Import myKeystore.p12 into browsers to trust it. Add it to "Trusted Root Certification Authorities" certificate store. Use the password MY_PASSWORD.

    > Note: This step can be done using openssl but it's more complicated.

    3. Create the public certificate (has the header `-----BEGIN CERTIFICATE-----`):

    Using `keytool`:

    keytool -exportcert -keystore myKeystore.p12 -storepass MY_PASSWORD -alias KEYSTORE_ENTRY -rfc -file public-certificate.pem

    Or using `openssl`:

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nokeys -out public-certificate.pem

    4. Export the private key (has the header `-----BEGIN PRIVATE KEY-----`):

    openssl pkcs12 -in myKeystore.p12 -password pass:MY_PASSWORD -nodes -nocerts -out private-key.pem

    5. Export the public key from the private key (has the header `-----BEGIN PUBLIC KEY-----`):

    openssl rsa -in private-key.pem -pubout > public-key.pub
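    Review bot: the first note tells readers to import myKeystore.p12 into "Trusted Root Certification Authorities" with MY_PASSWORD, which hands the private key and its password to every machine that only needs to trust the certificate. Import public-certificate.pem from the next step instead and keep the .p12 private. Two smaller points: the steps are numbered 1, 3, 4, 5, and `-validity 99999` issues a certificate valid for roughly 273 years, so a shorter lifetime is worth suggesting.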