{"id":1886,"date":"2016-09-07T10:00:05","date_gmt":"2016-09-07T14:00:05","guid":{"rendered":"http:\/\/www.mymiller.name\/wordpress\/?p=1886"},"modified":"2016-09-06T21:50:56","modified_gmt":"2016-09-07T01:50:56","slug":"certificate-authority-create-your-own","status":"publish","type":"post","link":"https:\/\/www.mymiller.name\/wordpress\/app\/certificate-authority-create-your-own\/","title":{"rendered":"Certificate Authority creating your own!"},"content":{"rendered":"

Ready to create your own self signed certificates? \u00a0First step is to crate a Certificate Authority. \u00a0It’s easy if you follow the correct steps. We’ll break this down into different sections.<\/p>\n

Install OpenSSL<\/h2>\n

Assuming your on Linux, you will need to issue the command “sudo apt-get install openssl”. \u00a0This will install openssl on your system for you. \u00a0Now you have it installed your ready to get cracking!<\/p>\n

Create your Certificate Authority\u00a0Key<\/h2>\n

First step is to create your Certificate Authority Key. \u00a0This is fairly simple process. \u00a0Follow the steps below:<\/p>\n

    \n
  1. Change directory to the location you want create your Certificate Authority Key. Henceforth known as your SSL directory<\/li>\n
  2. Enter the command “openssl<\/em><\/strong>” this will open the openssl command problem to make it easier to enter the commands.<\/li>\n
  3. Enter the command “genrsa -out rootCA.key 2048<\/em><\/strong>“. \u00a0This will create a 2048 bit Key, much more secure than the 1024, but not as secure as the 4096. \u00a0Increasing to 4096 will create additional work on each machine encoding\/decoding against that key.<\/li>\n
  4. Now you need to sign your Certificate Authority key, enter this command: “req -x509 -new -nodes -key rootCA.key -sha256 -days 1095\u00a0-out rootCA.pem<\/em><\/strong>” Fill out the questions your prompted to complete.\"Certificate<\/li>\n
  5. You need to keep your rootCA.key file safe, this is the key to keeping your Certificate Authority trustworthy.<\/li>\n
  6. You now have a rootCA.pem this is the file you pass around to add your Certificate Authority to browsers.<\/li>\n<\/ol>\n

    Create an Intermediate Certificate Authority Key<\/h2>\n

    You crate an Intermediate Certificate Authority Key to do the bulk of your signing. \u00a0This allows you to keep your Certificate Authority Key secure and seldom used. \u00a0Thus if the Intermediate Certificate Authority Key is compromised you can revoke it, and generate a new one.<\/p>\n

      \n
    1. Change directory to your SSL directory<\/li>\n
    2. Enter the command “openssl<\/em><\/strong>” this will open the openssl command problem to make it easier to enter the commands.<\/li>\n
    3. Enter the command “genrsa -out rootIntCA.key 2048<\/em><\/strong>“. \u00a0This will create a 2048 bit Key, again much more secure than the 1024, but not as secure as the 4096. \u00a0Increasing to 4096 will create additional work on each machine encoding\/decoding against that key.<\/li>\n
    4. Next enter the command “req -new -key rootIntCA.key -out rootIntCA.csr<\/em><\/strong>“. \u00a0You will be given the same prompts as before, however this time you need to complete it terms of the device your creating the Key for. \u00a0One extremely important step, is the “Common Name (e.g. server FQDN or YOUR name)” prompt, must be the hostname you see in your browser if your creating a key for SSL in the browser. \u00a0If it’s a Fully Qualified Domain Name, or an IP address that is the value you need to enter into this field. \u00a0Otherwise it will not work.<\/li>\n
    5. Finally it’s time to sign the key, use this command “x509 -req -in rootIntCA.csr\u00a0-CA rootCA.pem -CAkey rootCA.key -CAcreateserial -sha256 -days 730\u00a0-out rootIntCA.pem<\/em><\/strong>“. \u00a0This will create a certificate that is valid for 2 years (730 days).<\/li>\n
    6. Now you have your key hostname.key<\/li>\n
    7. Now you have your certificate hostname.crt<\/li>\n<\/ol>\n

      Create Keys for devices<\/h2>\n

      Now your ready to start creating keys for devices. \u00a0This follows a process that is very similar to creating the CA key above.<\/p>\n

        \n
      1. Change directory to your SSL directory<\/li>\n
      2. Enter the command “openssl<\/em><\/strong>” this will open the openssl command problem to make it easier to enter the commands.<\/li>\n
      3. Enter the command “genrsa -out hostname.key 2048<\/em><\/strong>“. \u00a0This will create a 2048 bit Key, again much more secure than the 1024, but not as secure as the 4096. \u00a0Increasing to 4096 will create additional work on each machine encoding\/decoding against that key.<\/li>\n
      4. Next enter the command “req -new -key hostname.key -out hostname.csr<\/em><\/strong>“. \u00a0You will be given the same prompts as before, however this time you need to complete it terms of the device your creating the Key for. \u00a0One extremely important step, is the “Common Name (e.g. server FQDN or YOUR name)” prompt, must be the hostname you see in your browser if your creating a key for SSL in the browser. \u00a0If it’s a Fully Qualified Domain Name, or an IP address that is the value you need to enter into this field. \u00a0Otherwise it will not work.<\/li>\n
      5. Finally it’s time to sign the key, use this command “x509 -req -in hostname.csr -CA rootIntCA.pem -CAkey rootIntCA.key -CAcreateserial -out hostname.crt -days 730 \u00a0-sha256<\/em><\/strong>“. \u00a0This will create a certificate that is valid for 2 years (730 days).<\/li>\n
      6. Now you have your key hostname.key<\/li>\n
      7. Now you have your certificate hostname.crt<\/li>\n<\/ol>\n

        Create a Key\/Certificate for your email ID<\/h2>\n
          \n
        1. Change directory to your SSL directory<\/li>\n
        2. Enter the command “openssl<\/em><\/strong>” this will open the openssl command problem to make it easier to enter the commands.<\/li>\n
        3. Enter the command “genrsa -out username.key 2048<\/em><\/strong>“. \u00a0This will create a 2048 bit Key, again much more secure than the 1024, but not as secure as the 4096. \u00a0Increasing to 4096 will create additional work on each machine encoding\/decoding against that key.<\/li>\n
        4. Next enter the command “req -new -key username.key -out username.csr<\/em><\/strong>“. \u00a0You will be given the same prompts as before, however this time you need to complete it terms of the device your creating the Key for. \u00a0One extremely important step, is the “Common Name (e.g. server FQDN or YOUR name)” prompt, must be your name. Also the Email Address field must be set to your email address. Otherwise it will not work.<\/li>\n
        5. Finally it’s time to sign the key, use this command “pkcs12 -export -out username.p12 -days 365 -inkey username.key -in username.crt -chain -CAfile rootIntCA.crt<\/em><\/strong>“.<\/li>\n
        6. Now you have your key username.key<\/li>\n
        7. Now you have your certificate\u00a0username.p12<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

          Ready to create your own self signed certificates? \u00a0First step is to crate a Certificate Authority. \u00a0It’s easy if you follow the correct steps. We’ll break this down into different sections. Install OpenSSL Assuming your on Linux, you will need to issue the command “sudo apt-get install openssl”. \u00a0This will install openssl on your system […]<\/p>\n","protected":false},"author":1,"featured_media":1893,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3],"tags":[],"series":[],"class_list":["post-1886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-app"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/09\/security-1202344_640.png?fit=640%2C360&ssl=1","jetpack-related-posts":[{"id":3594,"url":"https:\/\/www.mymiller.name\/wordpress\/docker\/fips-jdk-21-image\/","url_meta":{"origin":1886,"position":0},"title":"FIPS JDK 21 Image","author":"Jeffery Miller","date":"July 12, 2024","format":false,"excerpt":"Warning: Use FIPS Instructions at Your Own Risk The provided Dockerfile and instructions are intended to assist in creating a FIPS-compliant environment for your Spring Boot application. However, achieving and maintaining FIPS compliance is a complex process with potential legal and security implications. By following these instructions, you acknowledge and\u2026","rel":"","context":"In "Docker"","block_context":{"text":"Docker","link":"https:\/\/www.mymiller.name\/wordpress\/category\/docker\/"},"img":{"alt_text":"","src":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif","width":350,"height":200,"srcset":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif 1x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif 1.5x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif 2x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif 3x"},"classes":[]},{"id":2511,"url":"https:\/\/www.mymiller.name\/wordpress\/angular\/angular-environment\/","url_meta":{"origin":1886,"position":1},"title":"Angular Environment","author":"Jeffery Miller","date":"March 11, 2019","format":false,"excerpt":"Building a website for today and tomorrow begins with Angular. Yes I am a proponent of Angular over many other client frameworks. Let's look over the goals of this post to help you get started. Node.jsAngular-CliAngular Workspace Angular Material Installing Node.js First step you need to do is to install\u2026","rel":"","context":"In "Angular"","block_context":{"text":"Angular","link":"https:\/\/www.mymiller.name\/wordpress\/category\/angular\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2019\/03\/geometry-1023846_640.jpg?fit=640%2C359&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2019\/03\/geometry-1023846_640.jpg?fit=640%2C359&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2019\/03\/geometry-1023846_640.jpg?fit=640%2C359&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":3080,"url":"https:\/\/www.mymiller.name\/wordpress\/misc\/multi-directory-git\/","url_meta":{"origin":1886,"position":2},"title":"Multi-Directory GIT","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"You may or may not find this useful. I work with a my GIT repositories all at the same level. I like to keep them in sync. However going to each repository and repeating the commands is a pain. So I created the following shell script to make my life\u2026","rel":"","context":"In "Miscellaneous"","block_context":{"text":"Miscellaneous","link":"https:\/\/www.mymiller.name\/wordpress\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2676,"url":"https:\/\/www.mymiller.name\/wordpress\/app\/linux-desktop-on-windows-10\/","url_meta":{"origin":1886,"position":3},"title":"Linux Desktop on Windows 10","author":"Jeffery Miller","date":"September 13, 2021","format":false,"excerpt":"Enabled Windows Subsystem for Linux First step is to make sure you have Windows 10 Fall Creators Update installed. This can be found here. Complete this update then search for Ubuntu in the Microsoft Store. I recommend Ubuntu 18.04 LTS, as this will be supported for a number of years\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/www.mymiller.name\/wordpress\/category\/app\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2020\/02\/computer-4674946_640.jpg?fit=640%2C480&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2020\/02\/computer-4674946_640.jpg?fit=640%2C480&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2020\/02\/computer-4674946_640.jpg?fit=640%2C480&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":3466,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_shell\/exploring-spring-shell-a-comprehensive-guide\/","url_meta":{"origin":1886,"position":4},"title":"Exploring Spring Shell: A Comprehensive Guide","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"Spring Shell seamlessly integrates command-line applications with the Spring framework, offering a robust and flexible environment for developers. In this article, we'll expand on setting up a Spring Shell project and explore its features, with a detailed focus on parameters, options, and annotations available for crafting powerful commands in Java.\u2026","rel":"","context":"In "Spring Shell"","block_context":{"text":"Spring Shell","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_shell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/06\/coding-699318_640.jpg?fit=640%2C437&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/06\/coding-699318_640.jpg?fit=640%2C437&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/06\/coding-699318_640.jpg?fit=640%2C437&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":3897,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_ai\/a-beginners-guide-to-setting-up-ollama-with-docker-compose\/","url_meta":{"origin":1886,"position":5},"title":"A Beginner’s Guide to Setting Up Ollama with Docker Compose","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"Have you ever wanted to run a powerful large language model (LLM) like Llama 3 or Gemma right on your own computer, but you need a consistent and portable setup? That's where using Ollama with Docker and Docker Compose comes in. Docker Compose is a fantastic tool that allows you\u2026","rel":"","context":"In "Spring AI"","block_context":{"text":"Spring AI","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_ai\/"},"img":{"alt_text":"","src":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2025\/08\/ai-generated-8012676_1280.avif","width":350,"height":200,"srcset":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2025\/08\/ai-generated-8012676_1280.avif 1x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2025\/08\/ai-generated-8012676_1280.avif 1.5x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2025\/08\/ai-generated-8012676_1280.avif 2x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2025\/08\/ai-generated-8012676_1280.avif 3x"},"classes":[]}],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/1886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/comments?post=1886"}],"version-history":[{"count":7,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/1886\/revisions"}],"predecessor-version":[{"id":1895,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/1886\/revisions\/1895"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media\/1893"}],"wp:attachment":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media?parent=1886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/categories?post=1886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/tags?post=1886"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/series?post=1886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}