Understanding general concepts

How to create an SSL certificate

How SSL works - Client/Server flow

High level design

Pre-requisites

1. OpenSSL
   1. Refer installation guide
   2. Add C:\Program Files\Git\usr\bin in Path environment variable

Key Points

• A .key file contains both the private and public keys, but often referred as private key.
  • Use openssl rsa -in private.key -pubout to see hidden the public key.
  • Use openssl rsa -in private.key -outform PEM -pubout -out public.pem to export public key.
  • So, when you generate a .key file, you eventually generate a public-private key pair.
• A .csr includes the metadata and public key of the RSA key pair.
  • Certificate signing request = Metadata + RSA public key
• Important commands
  • openssl genrsa is used to generate RSA private key (public and private RSA key pair).
  • openssl rsa is used to process RSA keys. i.e. retrieve public key from private key
  • openssl req is used to create certificate requests (CSR), or it can additionally create self signed certificates for use as root CAs for example.
    • -x509 this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA.
  • openssl x509 is used to generate certificates by signing certificate requests.

Step by Step Guide

• Step 1: Creating Root Certificate or own Certificate Authority (CA)
• Step 2: Creating SSL Certificate signed using Root Certificate Private Key
• Step 3: Put all together and run a Website using the above certificate