Lab - SSL & TLS Basics Q -12

DevOps
#1

Hi All,

  1. How to verify entries for app01.crt certificate ? I tried,

    openssl req -noout -text -in app01.crt

    (replaced app01.csr with app01.crt), but it’s throwing error.

  2. I understand that we need CSR to get a certificate from a verified external CA but since we are creating a self-signed certificate, can we skip the CSR creation step or is there a relation between CSR and self-signed certificate ?

#2

Hi @tanishqakula ,

You ask a very interested question :

  1. to verify the crt try the following command
openssl x509 -text -noout  -in app01.crt
  1. Yes, it’s possible to skip CSR creation for self-authorize certificate for that you can use the following command :
openssl req -newkey rsa:4096 \
            -x509 \
            -sha256 \
            -days 365 \
            -nodes \
            -out app01.crt \
            -keyout app01.key

With this command you will have prompt to give information about the certificat (the one you give when you generate the CSR).

Capture d’écran 2022-09-22 à 01.08.39
Capture d’écran 2022-09-22 à 01.08.39940×638 29.5 KB

if you plain to use the self signed certifcate for a web on dev or intranet, you need to create you own CA (certificate Authority). The link below explain it step by step :

Regards

2 Likes
#3

Hi @mmkmou,

Thanks for clarification and sharing the link :slightly_smiling_face:

Regards