Create Encrypted Certificate using OpenSSL

Süeda Şen
Published in HardwareAndro
5 min read · Oct 1, 2021

Have you ever clicked on the key icon 🔑🔒 in the address bars of browsers? If you clicked, did you examine the certificate of the website you are on?

If you think that you do not have theoretical knowledge about certificates, do not worry. ✋ During my internship this summer, I did a lot of research on this subject. In fact, the subject is so deep that it is very difficult to fit it into a single article. Maybe I’ll write one more article about this subject, who knows? Of course, if you like this article. 😊😉 I will follow the same path in this article as I progressed from beginning to end in my internship journey. I guarantee you will be able to create your own certificate if you review my article, yes I am assertive about it! 😃

Before starting to explain what OpenSSL is, let’s start with what SSL is.

SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personally identifiable information or with payroll information).

It does this by making sure that any data transferred between users and sites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal, which can include credit card numbers and other financial information, names and addresses.

SSL also has a bro. Its name is TLS. Let’s see what TLS is.

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP). In this article we will focus on the role of TLS in web application security.

So, what are the differences between TLS and SSL?

TLS evolved from a previous encryption protocol called Secure Sockets Layer (SSL), which was developed by Netscape. TLS version 1.0 actually began development as SSL version 3.1, but the name of the protocol was changed before publication in order to indicate that it was no longer associated with Netscape. Because of this history, the terms TLS and SSL are sometimes used interchangeably.

It’s time to explain what OpenSSL is. 👍

OpenSSL is an open-source command line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information.

We learned the brief definition of OpenSSL, so why do we need to use OpenSSL?

By using OpenSSL, we can create our digital certificates (generate the Certificate Signing Request) and install the SSL files on our server. We can convert our certificate into various SSL formats, as well as do all kinds of verifications. To do this, we should know the OpenSSL commands well.

Detailed Commands Of OpenSSL

During the creation of certificates, you will be asked for some information.

Country Name (2 letter code): The two-letter country code where your company is legally located.

State or Province Name (full name): The state/province where your company is legally located.

Locality Name (e.g., city): The city where your company is legally located.

Organization Name (e.g., company): Your company’s legally registered name (e.g., YourCompany, Inc.).

Organizational Unit Name (e.g., section): The name of your department within the organization. (You can leave this option blank; simply press Enter.)

Common Name (e.g., server FQDN): The fully-qualified domain name (FQDN) (e.g., www.example.com).

Email Address: Your email address. (You can leave this option blank; simply press Enter.)

A challenge password: Leave this option blank (simply press Enter).

An optional company name: Leave this option blank (simply press Enter).

I basically create self-signed certificates by using the commands below. I also added comments in order to make them clear.

When I typed them into Command Prompt:

[Figure: Self-signed certificate creation using OpenSSL commands in Command Prompt]

This is the certificate that I created by using the above OpenSSL commands.
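
An added example (not the author's original commands) of the flow described above: an encrypted private key, a CSR carrying the fields listed earlier, and a self-signed certificate, followed by checks on the result. The file names, subject values and passphrase are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the author's commands. Subject values and the passphrase
# are constructed placeholders. KEY_PASS must be exported by the caller.

# Create an encrypted key, a CSR and a self-signed certificate in directory $1.
make_self_signed() {
    dir=$1
    # 1. RSA key encrypted at rest with AES-256. The passphrase comes from the
    #    environment, so it is not placed in the process argument list.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:KEY_PASS -out "$dir/server.key" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"
    # 2. CSR. -subj answers the interactive questions (C, ST, L, O, CN) up front.
    openssl req -new -key "$dir/server.key" -passin env:KEY_PASS \
        -subj "/C=TR/ST=Example State/L=Example City/O=Example Org/CN=www.example.com" \
        -out "$dir/server.csr" || return 1
    # 3. Sign the CSR with its own key: issuer equals subject (self-signed).
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -passin env:KEY_PASS -sha256 -days 365 -out "$dir/server.crt" 2>/dev/null
}

# Succeed only if the key is encrypted, matches the certificate's public key,
# and the certificate's issuer and subject are the same name.
check_self_signed() {
    dir=$1
    grep -q 'ENCRYPTED' "$dir/server.key" || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -passin env:KEY_PASS -pubout) || return 1
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    [ "$(openssl x509 -in "$dir/server.crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$dir/server.crt" -noout -issuer_hash)" ]
}

# Demo run in a throwaway directory.
export KEY_PASS='constructed-demo-passphrase'
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" && check_self_signed "$demo_dir" \
    && openssl x509 -in "$demo_dir/server.crt" -noout -subject -issuer -dates
rm -rf "$demo_dir"
```

Because no certificate authority vouches for this certificate, clients will warn about it until it is explicitly added to their trust store.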

We said that we create an OpenSSL self-signed certificate in this way, but what are the types of these certificates? Let’s take a look at them.

Root certificate: Identifies a certificate authority as an issuer of certificates. These are often self-signed and are used to validate other kinds of certificates. A CA might use different root certificates for different certificate applications to signify that different criteria were used to approve different certificates. The terms root certificate and root authority are often used synonymously.

Server certificate: Identifies a server and includes a digitally signed version of the server’s public key, Internet host name, the name of the organization that owns the server, and the public key of the issuing certificate authority. Use a server certificate to secure a Web server, by enabling SSL. This certificate validates the server to the client and establishes an encrypted session with the client. A server certificate is sometimes referred to as a site certificate or an SSL certificate.

Personal certificate: Identifies a person and includes a digitally signed version of the person’s name, organization, and public key. These certificates come in a variety of security levels based on the security policy used to obtain them. The level of trust granted to a certificate varies according to the security policy of each secure server.

Software publisher certificate: Identifies a software developer and includes a digitally signed version of the developer’s name, organization, and public key within the code. A developer uses this certificate to sign a software application for Internet distribution.

Content signing certificate: Identifies the owner of the content and includes a digitally signed version of the owner’s name, organization, and public key in the content. Use this certificate to sign content that is distributed, such as channels. This certificate authenticates the owner of the content to the end user who subscribes to the content.

In this article, we created our own certificate after learning about theoretical topics such as what SSL is, what TLS is, what OpenSSL is and why it is used. On top of that, you can easily integrate and use it on your website by adding the features you want, because you sign it yourself and it’s up to you to make it reliable.

I hope I was helpful to you in this article. See you again in my next posts. 😊

More Resources

You can also find more detailed information on this website and read this book, which is recommended and made by OpenSSL.
