OpenSSL Step By Step Tutorial | How to Generate Keys, Certificates & CSR Using OpenSSL

wow everything worked so flawlessly, you're a hero

Good job done. Very clearly explained and everything was right to the point and it held my attention. Everyone should do their training videos like this.

Lot's of CSR videos but this one was perfect! Thank you!

I needed someone to explain it like this for so long. Thank you man.

Thanks a lot bro..I was looking for a simple but explanatory tutorial on how certificates work..this video helped me to understand a lot

Excellent demonstration sir. Thank you for making this clear to me.

Very well demonstrated key-pair generation, extracting public key, CSR and self-signed certificate. Great work!

BRAVO! thank you for the clear and practical explanation!

It cleared all my doubts..nicely explained..thanks for the amazing video..!

Excellent video Sir. Thank you; it is greatly appreciated.

Great video ... I was confused before watching this, now I understand much better. Thanks.

Short video, simple to understand. WOW!!! Thank you

Just created my first key, ever. Now going to implement this....

all those who are having error like me
The only thing that worked for me in this situation was the self-created openssl.cnf file.
Here are the basics needed for this exercise (edit as needed):
#
# OpenSSL configuration file.
#
# Establish working directory.
@/c:\Users\User\Desktop\test
dir = .
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# copy till here
now save this file and run the command as
openssl req -new -key tutorialspedia.key -out tutorialspedia.csr -config openssl.cnf
hope this will work for you :)

Awesome. This is what I needed this morning.

Clear explanation to the point. Thanks buddy. Keep uploading more videos like this.

Thanks a lot .Love from India

Great Video, Very clearly explained about CA, CSR.
I have a question:
When we are opening the //https connection using self signed CA certificate getting some warnings on //https web page. May I know the reason?
Kindly, respond.
Thanks

Worked for me, best video on openssl

Very nice job.
Please add info on how to create "non-self-signed certificates". Meaning certificate verifying some other public key. Thanks

Great video.. all commands worked for me...thanks...one query how to add critical extensions using your commands?

Very useful - clear and consise. Thanks for sharing.

The video is good but you have a major mistake. I think the video is using the entire key pair file instead of the public key to generate the CSR which in turn will go to the CA. This is a very important piece of information that will kill you in any test or interview. The steps are correct but the files being used are wrong. The CSR should be created only with the public key file, the CA will generate a certificate. After verification, the CA sends you a signed digital certificate that contains your distinguished name, your public key, the CA's distinguished name, and the signature of the certificate authority. You store this signed certificate in your key database.

Thanks from Poland!👍

Thank you very much. Was thinking I will never get it with this csr.

thanks bro, you are the best

excellent video. thank you.

Thankyou. Video was very clear

Awesome explanation bro !!!

how to creat command "CLS" clear screen in this toolkit , or same equivalent???????????????????????

Thanks a lot for the precise, and informative video.

Thanks for the clear explanation

Hi sir,
I want to configure certificate based authentication, it requirement
1.CA,
2.User Certificate,
3.server certificate.
What should I do, whether is same with you do?

really great way of teaching thanks.

Thank you, really helped me!

Thanks for the great tutorials. How I securely push these key (private & cer) in jks file ?

Good explanation in detail. I have one query in terms of renewal. To renew the existing CA signed certificate, is it correct to give old CSR (CSR generated to get CA signed initially). Is there any validity for key pair and CSR generated?

Great video, but you now have weird files on your computer. What do you do with these weird files. Do I ftp to my server, control panel, do I need to go to ican or other ssl org to upload them?

Good explanation , keep it up

Nice video in detail. I have one question in terms of renewal. To renew the existing CA signed certificate, is it correct to give old CSR (CSR generated to get CA signed initially). Is there any validity for key pair and CSR generated?

Good job mate :) PK/ISB at last someone from PK

Good job clearly explained

Thank you bro!!
you are save my life!!

Awesome explanation. Thank you!

Thank you very much, very clear and to the point!

Great Tutorial, Thanks

superb knowledge ... my friend .. keep sharing it..

Great job!

Very nice video. Thank you very much. How to create certificate with encryption and does the server also should have a certificate with encrypted key? And also can we use Portecle to generate certificates with encrypted key for linux?

Thanks a lot!!! Exactly what I was looking for

Well done for this nice video

please help 9:50
when i tried to self-sign i got the following output instead of 'Signature Ok'
output:
openssl x509 -in friday.csr -out friday.crt -req - signkey friday.key -days 365
x509: Use -help for summary.
everything until that is clear, someone pls help fast.

Awesome 😍

Thanks, Its really helpful.

Thank you!

Great presentation - thanks

Job saving info for me.

I Like it.

Thanks - I had all this confused. You helped a lot. Now how do I get this into Windows 10?

Can you tell me how we can extract the private key from the key pair, as well as the public key?

very helpful. thank you

Hello when i use command for create csr file. This file is not shown when type dir command
it is not created. Why this issue happened ?

Command to create self signed certificate with csr and private key is not working shows x509: Use -help for summary. any idea?

6:00 Why did you pass the initial key file? .. shouldnt we pass the public key file?

wow..
It helped me a lot

this is just perfect, simple, effective !

Very informative 😊👏

thank you very much, it was very useful

Good job! Thank you!

awsome!!!!!!

good video, very nicely explained. thanks

I am getting Can't open -testauto.key for reading, No such file or directory error any idea ?? followed the same steps

wow thank you explained so clearly

great tutorial, thank you!

thank you bhai

Hisir.
How do one vedio on how to create csr repo

Thank you sir

Thank you So Much Sir

In this case can we generate public keys and match with public keys being used by differenrt companies?

CAn you create an video about self signing code signing certificate

Thank you

how can we stop the stdin for step 3 like country name etc, and provide through argparser ?

It's very helpful~!

Can you also make a video on certificate chaining / Intermediate CAS

If I want to create SSL certificates on cluster having 4-5 nodes, can we have same crt copied to all hosts?

3:25 you have not generated key PAIR right? You have just created the private key. Where is the public key?

info given in this video was insufficient to running localhost with https using openssl certificate. It ended with net::cert_common_name_invalid error in chrome on windows and also with hhtps strickedout in url with no green lock in browser address bar. I appreciate further help to fix the error...

too coder-centric, start by definiing the problem using vitual aides. What is happening from a helicopter view, what are the keys for, why are they needed, who holds which keys and why. etc....

executing openssl command to generate key pair using "openssl genrsa -out keyfile.key 2048" but facing an error "genrsa: Can't open "keyfile.key" for writing, Permission denied". Could you guide me hot to fix this

Nice explanation ! Thank you !

thanks for your help bro

Hi, how can get my Certicate Signed by 'CA' instead of Self-Signed?

How to solve the invalid digest for sha1 error while creating csr

i am getting an error saying warning can't open config file: C:/OpenSSL/openssl.cnf please do help

5:40 WHY DO I have to provide my *Private key* to the *CA Authority* for CSR , This seems to be wrong to me. Please explain.

Thanks.

Thanks ..

where do we need self signed certificate in real world scenario...

Can I deploy certificate on godaddy domain?

How should I verify that same csr for the crt that was created