Search (advanced search) | ||||
Use this Search form before posting, asking or make a new thread.
|
10-22-2013, 06:43 PM
(This post was last modified: 10-22-2013 07:04 PM by StevieRay.)
Post: #1
|
|||
|
|||
[TUTORIAL] How to create "FREE SSL Certificate" for your website's!
Get ready to create "FREE SSL CERTIFICATE" for your website!
Make OpenSSL Certificate and self sign. This tutorial is composed of the book SSL and TLS ! I have here a few examples being used. In particular, the config file and signing.INDEX: 1. What is an SSL certificate 2. An easy start 3. Create CA Certificate 4. certificate Signing 1. What is an SSL Certificate ? SSL stands for Secure Socket Layer , is a protocol for a secure connection . you do see is a page where " https:// " For state instead of " http:// " You can see especially on pages where online payments transferred . Or forms where personal information is requested. The benefit is that the data is never released to anyone else. 2. An easy start Download openSSL here and install it. Make sure it is installed on the C :/ drive is. So you would have to look like C :/ Openssl folder structure on your C drive Now go to Control Panel - > System - > Advanced - > Environment Variables Now you see the bottom of the dialog box, System Variables and add C : Openssl in to the system path the property is called the Variable PATH . Now go to your C :/ drive and create a new workbook thats called ssl Now you see C :/ drive like this C :/ ssl Go to the CMD window and go to C :/ ssl Now you're there , type the following commands md certs md requests md keys copy con database.txt ^ Z copy con serial.txt 01 ^ z The old DOS veterans will recognize this way of working that Ctrl + Z ensures that you get an empty file called database.txt Important: ! That ^ z is a CTRL + Z no shift +6 + z ! remember that ! " I ATTACHED THE FILE BELOW THIS POST! " I've edited it myself so there might still be flaws in it but it works fine with me, and the config file you must save as openssl.conf in the ssl folder It is extremely important that you download the file and save it as openssl.conf in the folder ssl ! Now you have a whole new workbook it is superfluous , but it makes a lot of things a lot easier ! I MEAN TO SAY A FOLDER WHERE YOU AUTOMATICALLY STORE THE CERTIFICATES IN AND THAT KIND OF THINGS AND WHERE YOU STORE THE CONFIG FILE ! 2. A certificate request. uitvoeren -> cmd.">Go to Start - > Run - > cmd . Start by typing cd to your working directory and then cd ssl. Now you get the cmd window to see this. C :/ ssl > Now we can make a request that we want to create an SSL certificate. Now type openssl req -new- nodes -out requests / certreq.txt - keyout keys / privatekey.pem Now do you see the following. Loading ' screen' into random state - done Generating a 1024 bit RSA private key ..................... + + + + + + + + + ............. + + + + ..... + ................. + + + + + + + writing new private key to ' privatekey.pem ------ You are about to be asked to enter information that will be incorporated into your certificate request . What you are about to enter is what is called a distinquished A Name or DN . There are quite a few fields but you can leave some blank For some fields there will be a default value , If you enter '. ' , The field will be left blank . ------- Country Name ( 2 letter code ) [ ] : 'US' State or Province Name (full name) [ ] : 'Florida' Locality Name ( eg , city ) [ ] : 'Orlando' Organization Name ( eg , company) [ ] : 'Your company name !' Organizational Unit Name ( eg , section) [ ] : 'the industry' Common name ( eg , your websites domain name) [ ] : 'yourwebsitedomain.com' Email Address [ ] : email@email.nl Please enter the following ' extra ' attributes to be sent with your certificate request A challenge password [ ] : 'password' Now you have a certificate request and a key made. The certificate request is the file that is called certreq.txt is stored in the folder c :/ ssl / requests / A file that is called privatekey.pem your private key that you need to match your host certificate. "Keep this key properly and safely! YOUR EYES ONLY FILE!" 3. Create CA Certificate CA stands for Certificate Authorities and agencies that sign certificates that are the best known Verisign. But we're so our own self- signed CA certificate making . First, we generate our CA key needed to sign the certificate. Now type : openssl genrsa - des3 -out keys / ca.key 1024 and now you get to see the following : Loading ' screen' into random state - done Generating RSA private key , 1024 bit long modulus ................... + + + + + + + ..... + + + + + + + + + + + ..... + ... + ............. + + + + + e is 65537 ( 0x10001 ) Enter pass phrase for keys / ca.key : password Verifying - Enter pass phrase for keys / ca.key : password_again ">C : ssl > Now is your CA key in the folder C : sslkeys this key is also important. Keep them safe same as you privatekey.pem! Now we can start making a CA certificate by the degree of this command : openssl req - config openssl.conf -new- x509 -days 1001 -key keys / ca.key -out certs / ca.cer Now you will see the following again : Enter pass phrase for keys / ca.key : password You are about to be asked to enter information that will be incorporated into your certificate request . What you are about to enter is what is called a Distinguished Name or a DN . There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ' ' , The field will be left blank . ------ Country Name ( 2 letter code ) [ ] : 'US' State or province name ( full name) [ ] : 'Florida' Locality Name ( eg , city ) [ ] : 'Orlando' Organization Name ( eg , company) [ ] : 'Company Name' Organizational Unit Name ( eg , section) [ ] : 'industry' Comman Name ( eg , your websites domain name) [ ] : 'yourwebsitedomain.com' Email Address [ ] : 'email@email.nl' ">C : ssl > Now we have a CA certificate that we will sign the certificate request it . So it becomes a trusted certificate . 4. Certificate. You can sign the certificate signed by the following command: openssl ca -policy policy_anything openssl.conf - config - cert certs / ca.cer - in requests / certreq.txt - keyfile keys / ca.key -days 360 -out certs / iis.cer Now do you see the following : Using configuration from openssl.conf Loading ' screen' into random state - done Enter pass phrase for keys / ca.key : 'Password' Check That the request matches the signature Signature OK ! The subject 's Distinguished Name is as follows Country Name :: PRINTABLE : 'US' Stateorprovincename : PRINTABLE : 'Florida' LocalityName :: PRINTABLE : 'Orlando' OrganizationName : PRINTABLE : ' company name ' Organizational Unit Name : PRINTABLE : ' Industry ' Common Name : PRINTABLE : ' yourwebsitedomain.com.com ' email address: PRINTABLE : ' email@email.nl ' Certificate is to be certified until Apr 12 11:47:19 2008 GMT (360 days ) Sign the certificate [ y / n ] : y 1 out of 1 certificate requests certified , commit ? [ y / n ] : y Data Base Updated ">C : ssl > Now we have signed the certificate. Now we make it compatible with windows to avoid certain warnings. With the following command : openssl x509 - in certs / iis.cer out certs/iisx509.cer If you are going to host you need the privatekey.pem thats in your keys folder. And your CA certificate is your iis.cer and the certificate itself is iisx509.cer Host those 3 files in the root folder of your webserver(domain) you created it for. And you have created an https connection ready SSL Certificate domain! Good luck all! CopyMyCash |
|||
10-22-2013, 06:52 PM
Post: #2
|
|||
|
|||
RE:
tnx for this tutorial .. u are awesome !! lemme c if this works or not !! anyways for this post , surely rep added !!
|
|||
10-22-2013, 11:33 PM
Post: #3
|
|||
|
|||
RE:
really great tut
i have little question, if my host don"t support ssl,when i upload that files and folder to my root domain will be working,especially can i use it to create facebook apps will MY PC safe if I HOST THIS SSL APPLICATION? thanks CopyMyCash |
|||
10-23-2013, 04:14 AM
Post: #4
|
|||
|
|||
RE:
Nice Tutorial - May give this a shot later.
|
|||
10-23-2013, 05:05 AM
Post: #5
|
|||
|
|||
RE: | |||
10-23-2013, 06:30 AM
Post: #6
|
|||
|
|||
RE:
Hello,
Where is the 64bit version :o ? |
|||
10-23-2013, 06:39 AM
Post: #7
|
|||
|
|||
RE:
+Rep to you @THOR. This is a great method for anyone who wants to do business online.
|
|||
10-23-2013, 08:16 AM
Post: #8
|
|||
|
|||
RE:
CREATE YOUR OWN SSL CERTIFICATE FOR YOUR DOMAIN!
|
|||
10-30-2013, 04:07 PM
(This post was last modified: 10-30-2013 04:08 PM by nercciss.)
Post: #9
|
|||
|
|||
RE:
Great share mate
|
|||
10-30-2013, 07:57 PM
Post: #10
|
|||
|
|||
RE: | |||