How to create a valid self signed SSL Certificate?

  • Added 29. 04. 2024
  • In this video, I will explain how to generate valid self-signed SSL certificates for your internal network. We will use an open-source tool, OpenSSL, to create an SSL cert for my Proxmox Server that is valid for my internal domain and my private IP address. #OpenSSL #TLS #HomeLab
    My GitHub Cheat-Sheets: github.com/christianlempa/che...
    Teleport-*: goteleport.com/thedigitallife
    Timestamps:
    00:00 - Introduction
    00:51 - Some TLS basics
    04:33 - What are valid SSL Certificates?
    07:45 - Why use Self Signed Certificates
    11:53 - Advertisement-*
    12:27 - Generate a Private CA
    16:31 - Generate and Sign an SSL Cert
    21:11 - Upload a Full chain Cert
    22:22 - Import Private CA in Windows
    ________________
    All links with "*" are affiliate links.

Comments • 486

  • @RayDeMoss 2 years ago +66

    Thank you very much. This was extremely useful. You took a very confusing and convoluted process and made it as easy to understand as possible. I was able to setup certs on several home servers that I've been trying to figure out for years. I really appreciate your time making this video. Very helpful.

  • @charleseaster3518 3 months ago +2

    Hi Christian, I have been watching your videos for ages and with your help I have grown my little raspberry pi "home lab" out into 3 separate servers running more services than I have any business or need to run. I enjoyed this video and it was very informative. Thank you for all the help and wish me luck setting up my own CA.

  • @RandomAlias1 1 year ago +3

    Hands down, absolutely outstanding work. Thank you so much for this video. I absolutely loved it. You earned a sub!

  • @pedrobarone4786 10 hours ago

    I've been trying this for weeks, and you managed to make me understand and actually learn something about certificates. Indeed, you are an excellent teacher! Thanks a lot

  • @cyn1x 2 years ago +3

    You really know your stuff. So much information in 25 minutes!

  • @SomeGuyFromFlorida 1 year ago +3

    Might be the most important video I've watched in 5 years, wow. Thanks SO much for this, very well done!

  • @kanylekrigeren 1 year ago +3

    This was exactly what I needed to understand the cert-creation process. Thank you, and I have now subscribed to your channel :D

  • @nirvanah641 1 year ago

    Thanks a million! I was following some other documented tutorials and none of them seem to explain what is important and what is not. I didn't have a DNS name so I had to rely on IP addresses. After spending 2 days of trying to setup SSL certificates, I finally found and followed your video and it just worked straight away!

  • @LordDemonos 2 months ago +1

    I subscribed last week, mostly because I'm into Docker and you seem to cover it a lot. You've already proven to be quite useful with this tutorial, which I ran into completely by coincidence. Just wanted to say I really appreciate you, thanks!

  • @fabiena1787 1 year ago +3

    Thank you so much. I had been annoyed by this for a long time. I appreciated very much your way of explaining things with just the level of details needed (at least in my case). I could follow the steps one after the other and it worked fine. I wrote down the process to repeat this in the future. Thank you so much again, from France.

  • @johns7278 1 year ago

    Thanks so much for this video. It really helped me a lot. For a long time I was having problems with other tutorials trying to configure this, and with your video I managed to get everything working really fast. Thanks again!

  • @TinkerTech 2 years ago

    just started to dip my toes into self signing so this is wonderful timing that you made a fresh video about it.
    🤗

  • @peculiar6392 1 year ago +3

    Nice overview about CAs and how Windows trusts certificates from websites. And well detailed explanation about the steps to generate a valid certificate. It really comes in handy to me right now, because I was dealing with some troubles to generate a certificate to a local system in my job. Thank you very much! Keep it up! 👏👏👏

  • @photoshop-requests 1 year ago

    After a very long time struggling with it I finally got it working thanks to you! Thank you!

  • @jaxwylde2139 1 year ago +4

    Thanks for doing this. I watched it several times (and reviewed your very helpful 'Cheat-sheets' on git). I understand the process for setting up internal CA (with respective keys), as well as the signing request process. BUT, I'm still not sure how to go about creating certificates that have *wild-cards* for an IP range so that I can use more broadly in my home lab environment. I'll keep plugging away with some other how-to tutorials, and eventually I'll have the 'Eureka' moment and it'll all make sense. Nonetheless, your tutorial was very good and much appreciated. Cheers.

  • @pecasuy 1 year ago +5

    Thank you for your time and knowledge, an invaluable help, especially because you turned something complex into a simple one, thank you, it has helped me a lot

  • @ZeeKay80 10 months ago

    Great video! You've corrected the topic in great detail. This will be my reference video on this topic. Keep producing video on these interesting topics. You've got a new subscriber

  • @PabloVillaronga 2 years ago

    Excellent will use it today ! Thanks for documenting all process !

  • @BlitzFingers 5 months ago

    Thanks Bro. This explanation gave me the needed steps to finally learn the SSL certificate concept and creation. All of my internally hosted consoles are now secure. It was even possible for me to adjust my certificate chain for a Cisco WLC which I wanted to start using. Without your instructions, I couldn't have made this jump. Vielen Dank!

  • @Si0bart 1 year ago

    Thanks for making this video, great explanation of how it all works, reassuring to see all the reading of separate info I've been doing was in a simple video.

  • @ronnyrrr 2 years ago

    love the videos pal - literally just finished watching several of your nginx proxy manager videos!

  • @edgreenberg5090 9 months ago

    Very good explanations. The part I was looking for was how to import the ca certificate into the client devices.

  • @jojojawjaw 4 months ago

    best explanation ever, thank you so much. for the first time, i actually understand ssl certs

  • @MATIFUSKA 8 months ago +7

    thank you, just a note: the file extfile.cnf has to be encoded in UTF-8, you can convert it via Visual Studio Code, otherwise an error will show up
    "x509: Error on line 1 of config file "extfile.cnf" 8C520000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto\conf\conf_def.c:513:HERE--> ■sline 1"

    • @hnwyheinrich 6 months ago

      THANKS! You can also use Notepad++ at the "Encoding" tab and save.
      But powershell script would be the simplest i think :/

    • @HanLok420 3 months ago

      Hello Matifuska, I am running into the same issue. Can you explain me how I encode it into utf-8? I used the Terminal of VS code, but how do I convert it into utf-8?

    • @HanLok420 3 months ago

      Okay I found it, on the bottom right of the window is it. In my case it was in UTF-16 LE, the change to UTF-8 solved it. Thank you very much!

    • @aopen130 21 days ago +1

      Thank you. I was tearing my hair out looking for that error in a search engine but it didn't help at all. Also, I did all this on Windows and got this error, but I tried again in Debian/Linux and it works out okay.
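
The encoding failure described in the thread above, as an added example (not part of the original comments or the video author's material): Windows PowerShell 5.1 writes redirected output as UTF-16 LE by default, and this sketch detects that in `extfile.cnf`, shows the truncated first line that a NUL-terminated reader sees (consistent with the `■s` in the quoted error), and rewrites the file as UTF-8 without a BOM. The sample SAN line, host name and IP address are constructed, and the function names are hypothetical.

```python
import codecs
import tempfile
from pathlib import Path

# Constructed sample: one SAN line for a hypothetical host and private IP.
SAMPLE = "subjectAltName=DNS:pve.home.example,IP:192.168.1.10\n"

# UTF-32 is left out on purpose: its LE BOM begins with the UTF-16 LE BOM.
BOMS = (
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)


def detect_encoding(raw: bytes) -> str:
    """Guess the encoding from the BOM, then from the NUL-byte pattern."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    # BOM-less UTF-16 of ASCII text has a NUL in every other byte.
    half = max(len(raw) // 2, 1)
    if raw[1::2].count(0) * 2 > half:
        return "utf-16-le"
    if raw[0::2].count(0) * 2 > half:
        return "utf-16-be"
    return "utf-8"


def first_line_as_c_string(raw: bytes) -> bytes:
    """Model of a NUL-terminated line reader: line 1 up to the first NUL byte."""
    return raw.split(b"\n", 1)[0].split(b"\x00", 1)[0]


def decode_config(raw: bytes) -> str:
    """Decode with the detected encoding and drop any leading BOM character."""
    return raw.decode(detect_encoding(raw)).lstrip("\ufeff")


def lines_missing_equals(text: str) -> list[int]:
    """Rough pre-check: 1-based numbers of value lines that lack an '=' sign."""
    bad = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "[")):
            continue  # blank lines, comments and section headers need no '='
        if "=" not in stripped:
            bad.append(number)
    return bad


def rewrite_as_utf8(path: Path) -> str:
    """Rewrite the file as UTF-8 without a BOM; return the encoding found."""
    raw = path.read_bytes()
    found = detect_encoding(raw)
    if found != "utf-8":
        path.write_bytes(decode_config(raw).encode("utf-8"))
    return found


def demo() -> tuple:
    """Create a UTF-16 LE extfile.cnf in a temp dir, inspect it, then fix it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "extfile.cnf"
        path.write_bytes(codecs.BOM_UTF16_LE + SAMPLE.encode("utf-16-le"))
        seen = first_line_as_c_string(path.read_bytes())
        found = rewrite_as_utf8(path)
        return seen, found, path.read_bytes()


if __name__ == "__main__":
    print(demo())
```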

  • @AkamiChannel 2 years ago

    It is absolutely nuts how many subs you have now. Congrats man! I have been studying to get some certs lately so I'll see how it goes!

    • @christianlempa 2 years ago

      Thank you so much :D I still know when we're following each other since the very beginning of this channel ;)

  • @boronxxx 1 year ago

    hey Christian!
    You just got a new subscriber man!
    Explained it beautifully!

  • @domenicoragosta2690 1 year ago

    Very great video! This was exactly what I've been looking for days and days. Very helpful. Thx! Keep it up

  • @kaushmaisuria 28 days ago

    Thank you so much, very informative and has finally enabled me to get rid of the annoying warning message when logging into my nas. Great job!

  • @MatthewOberlander 2 years ago +1

    Very helpful, helped fill in some knowledge gaps in private CAs.

  • @richardwilliams9042 1 year ago

    Thank you, this is just what I was looking for! Very helpful, great video!

  • @EliseuCaldeira 1 year ago

    This was exactly what I was looking for.
    Helped a Ton!
    Thanks

  • @d4rkd3v1l85 2 months ago

    thank you so much! finally found a working solution at first attempt

  • @salkinxd 2 years ago

    I had so many issues before trying to get SSL working on my VMware ESXI Server. Now I just used all the steps in this video and replaced the .csr file with the "Generate FQDN signing request" text (copied and put in a text file) that you can generate in ESXI. It instantly worked.
    Before this Video I "broke" my server so I couldn't access it from the webinterface anymore (had to plug in Monitor & Keyboard to find out that the SSL Certificate was invalid so the webserver didn't start).
    Thanks for making it this easy to follow👍

  • @khaledbudajaja6137 8 months ago

    Your video came just in time to save my day.
    Didn't know i could be a CA as well create a SSL certificate.
    Amazing

  • @evkonoff 2 years ago

    That's exactly what I did when I decided to move all my home network to SSL a couple of weeks ago, glad to see we are on the same wave :)

  • @aliounembodj-rj9uw 1 year ago

    Really great, it's been a while since I was looking for this, i've implemented the same concept in Pfsense and made a web server to distribute the CA certificate to others devices

  • @tadashitani 2 months ago

    Hi Christian, thank you for that video, it is exactly what I was looking for, followed your steps and it works perfectly. You got one more subscriber.

  • @rockbyrondelacruz9916

    Thank you so much. You just earned a subscriber here. Great content.

  • @albertoleo9529 2 years ago +2

    Always great content!
    Re-watch it?? Not only, study it!!
    Absolutely interesting and useful.
    Thank you and keep on with this excellent content

  • @IEnjoyCreatingVideos 1 year ago

    Great video Christian! Thank you very much for sharing it with us!💖👍😎JP

  • @VertegrezNox 2 years ago

    Thanks a ton! I have fond memories of adding SSL certificates to web 1.0 programs lol like deadAIM n such. Been really wanting to know more about its potential applications nowadays. Appreciate the info. ~

  • @ghkpr 7 months ago

    Thanks for the great explanation!

  • @ScumbagLemon 4 months ago

    Finally a video that explains this process thoroughly, thank you

  • @youcancallmejoker340 1 year ago

    I automatically press like when I see your videos. Awesome guy!!!!🙂🙂🙂🙂

  • @efebuyuktas7697 1 year ago +2

    You have touched on a lot of topics in an excellent narrative and really detailed. I really thank you for this. But there is something I want to ask. Does everyone in the "standard user" class who connects to our web page have to add to the trusted certificates you made in the last step here? That is, after we prepare the certificate, can it securely exit to the internet?
    Another issue is that we want to sign our software that we prepare in our company with code signing. Can rootCA be used for this? Can we sign our software using the certificate created with this method?
    Thank you very much.

  • @sayenathn3664 2 years ago

    Loved the video! And yes, please do a deep dive video as well 😇

    • @christianlempa 2 years ago +1

      Thanks! :) Great idea, I like to do more videos about network protocols and security

  • @aniketteredesai 2 years ago +1

    Thx for the fullchain tip. I had read about it in the Proxmox docs, but just the standalone cert worked for me :)

  • @Facey1000 2 years ago

    Thanks for the helpful video as always! 👍👍

  • @sudhirkumarannapareddy2417 9 months ago

    Thank you for demystifying the concept! It helped a lot!

  • @dazraf 1 year ago

    Excellent presentation and content! Bravo and thank you!!

  • @mohammadshahabrafiq 1 year ago

    Excellent video. Very informative. Good job.

  • @Clemens.Gooooo 8 months ago

    Thanks for this video, your documentation is amazing, it makes it very easy to follow your instructions and I now understand what's happening...

  • @hamidullahmuslih6301 1 year ago

    You are awesome man! Very clean explanation

  • @LawrenceSingha 2 years ago

    This excellent and great video … yes! finally what I needed 👍🏼

  • @claudiotonelli7709 4 months ago

    Your video is fantastic!! Compliment

  • @user-xi7kc1my6c 2 months ago

    Wow ... amazing !!! ... your step by step is exactly what I need ... and it's working A1 ... thank's for your generosity :)

  • @kudasol 7 months ago

    Thank you so much 🙏🙏

  • @Glitter_and_Sundog 1 year ago

    I was searching to really solve this trusting issue puzzle for years by relying on Windows CA role and has been impossible. Endless gratitude to you !!!

  • @yes-ni1od 3 months ago

    Thank you for splitting the video into segments, I already knew the basics and could just skip ahead to relevant parts.

  • @Berkshire-Hathaway 2 years ago +1

    Thanks for your helpful videos!

  • @djraven68 9 months ago

    I love you man, you saved me days

  • @alikk3700 8 months ago

    Thank you, very helped for me

  • @neudyvielma 6 months ago

    Excellent and detailed guide to resolve an issue as complicated as SSL.
    What would be different in the certificates if TLS 1.3 is used?

  • @erinclaudio9211 1 year ago

    Thank you VERY much for making this video

  • @LamThanhSang 1 year ago +1

    Thank you very much you SIR!!! you are my go-to youtube channel for my IT career!
    Quick question: what terminal software you used in this video? the UI looks so clean. Thank you

    • @Joe1qz 1 year ago

      Windows PowerShell

  • @edstuart3924 9 months ago

    Christian, Great job here. Thanks so much. One question:
    For the SAN name, I'd like to be able to enter a node's hostname, FQDN and IP, which I would consider to be a common use-case for those not wanting to use wildcards. I've played around with the contents of the extfile.cnf to no avail. Any pointers?

  • @albuslrc 10 months ago

    It works! Thanks! 😄

  • @miguelvasquez9849 11 months ago

    thanks for the video. I didn't understand the last part, is the command executed on the machine from where I open the page or on the server?

  • @Nyemaster 1 year ago

    Thank You so much!

  • @sh0Guun_ 4 months ago

    Thank you very much. You helped me a lot.

  • @djddavies 7 months ago

    Awesome work.

  • @georgewashington7251 7 months ago

    This is really helpful. Thank you.

  • @FRITTY12348546 1 month ago

    thank you so much bro I was going around in circles until I got to this video

  • @marcello4258 2 years ago

    In addition to this, if you are running Linux a self signed cert also helps you with signing your bootloader and enable secure boot properly ;) ..fun video always enjoy your passion with them!

  • @romabilibov7612 1 year ago

    Thank you very much! You saved my day!

  • @reno.zed1 5 months ago

    Subscribed. I'm trying to keep my subscriptions list tidy, so take it as a massive compliment!

  • @lancebukkake 8 months ago

    very useful video, thank you very much

  • @primistandem6781 2 years ago

    Thank you very much! I tried to do this and failed a couple of weeks ago. Gonna give it another try.

  • @richcampbell7635 1 month ago

    Thanks for taking the time to put together this video tutorial. I understand how to follow through the steps as you're doing them, but unfortunately I don't understand WHY I'm doing it at each step and what each step is doing for me, because there were too many words being spoken and it was confusing. One of the things I was not initially clear on, but now understand why is that I needed to add a linux distro in my lab environment to run openSSL. That's one more thing for me to have to manage! Also, where does it put the files it made? I can't find them. Forgive my rookie questions, first time I'm ever doing this. Very new to linux and to openSSL. Total NOOB here with certificates.

  • @gmcinalli 2 years ago

    Thank you for the video, it's awesome! May I ask you how did you set a custom color for the command parameters on the terminal?
    To be clear, in the initial command: "openssl" had one color, "generate" another, "-aes256 -out" were slightly obscured and so on...

    • @christianlempa 2 years ago

      Maybe that's because I'm using PowerShell, that uses different colors for arguments, commands, etc.

    • @gmcinalli 2 years ago

      @@christianlempa I thought you used the zsh-syntax-highlighting plugin.

  • @Glatze603 2 years ago

    Hi Christian, finally an understandable and working guide on how to create and use certificates for your own homelab. Very good, thank you! I would also like to mention here once again that, besides the content of your videos, I especially appreciate the quality of your videos (sound, picture, editing, volume, colors, tuning, presentation, display, mood etc.). To my mind you are setting a standard that hardly anyone comes close to at the moment. Keep it up. Oops, now I have instinctively written in German 🙂

    • @christianlempa 2 years ago +1

      Thank you very much! I'm glad you like the videos so much, since you are one of my long-time viewers :D

    • @BellaNestCam 3 months ago

      @@christianlempa what ad blocker are you using? the new/blank web page shows 228,000 ads blocked and bandwidth saved. Thanks! and thanks for this video!!

  • @michelangelop3923 2 years ago

    Very good video, for my local environment I use certbot with cloudflare api to authorize the certificate creation locally without any ports open and then either pass everything through a local proxy or by installing the certbot client and setting up the subdomain for the service if it's an important one like freeipa/teleport/other important service that I don't want to use a local proxy.

    • @christianlempa 2 years ago +1

      Thank you! :)

    • @YashPokharel 2 years ago +1

      wow great, as I work for a small enterprise, I was looking something similar to it.

  • @hreidarj 1 year ago

    Awesome video, are you using your private CA with Teleport? Does Teleport use it to sign the certificates it generates?

  • @marcot.7893 2 years ago

    Thanks for the video, it solved our problem

  • @bethelhemchalla 1 year ago

    this is by far the best video on this topic, thank you. I just have one question, I don't have a physical server I'm just testing in a VirtualBox and I was wondering if u could suggest to me any good VMs that I can install on VirtualBox and also install the certificates, that would really help me out

  • @_moodie04 1 year ago

    Thanks a lot. What type of terminal are you using?

  • @ernst367 2 years ago

    Come in handy! Thank you!

  • @pitkan1 3 months ago

    video was so good i had to smash like & subscribe

  • @93davve93 2 years ago +11

    Thanks, good introduction video!
    For a more in-depth understanding and for best practices regarding certificates I highly recommend reading the book "TLS Mastery" by Michael W Lucas. Small and handy book with around 200 pages.

    • @christianlempa 2 years ago +1

      Thanks! I might have a look at that, great suggestions :)

  • @dragonball41876 1 month ago

    Very clear explanation video! I have subscribed. Just doesn't find the install guide for Macbook in the cheatsheet.

  • @salmanraza5223 1 year ago

    Excellent!

  • @teddybear9152 2 years ago

    Finally the answer to the most headache of running a home lab!

  • @hooktest8101 2 years ago

    thanks a lot for the amazing video

  • @apulacheyt 2 years ago +4

    Excellent video very educational and definitely most needed at my homelab.
    Nevertheless how do I use the new self-signed cert in others webapps that doesn't have a webgui to register certs like: Portainer, PiHole, Rancher, Kasm, SonarQube, Jellyfin, Guacamole, Semaphore, Cockpit, etc (a follow up video will be great)
    Many thanks in advance!!!!

    • @christianlempa 2 years ago +2

      Thank you so much! :) Usually, these apps have sections in their UI, or configuration file that allows you to put the "private key" and the "fullchain" cert somewhere (Portainer f.e. has it in the Settings Menu) . I'm using it in Traefik, Sophos XG, Proxmox, Portainer, etc.

    • @UnibenLive 7 months ago

      @@christianlempa I am using Sophos XG and I need guidance in setting up certificates

  • @alexfrance3646 2 years ago

    Great video this. Thank you

  • @KyleG384 1 year ago

    Great content!

  • @ninjalabs_ 2 years ago

    Ok but this is freaky. I was looking for a decent tutorial the whole of today and knew you mentioned it before but couldn't find it lol. At least I know where to look now

  • @ahmadissa5825 3 months ago

    Thank you for this explanation, if you have documentation about steps it will be helpful to put this here

  • @Techtips200 2 years ago

    well done ... please bring more stuff on this...

  • @rodo2486 2 years ago

    this channel is gold