SSL (Secure Sockets Layer) is the standard technology for keeping an internet connection secure and safeguarding sensitive data sent between two systems. The two systems can be a server and a client (for example, a shopping website and a browser) or two servers (for example, an application holding personally identifiable information or payroll data). In general, SSL certificates protect sensitive information such as credit card numbers, usernames and passwords.
This kind of cryptography relies on a pair of keys, which are long strings of randomly generated numbers: one is called the private key and the other the public key. The public key is known to your server and is available in the public domain; it can be used to encrypt any message.
In this post I will show you how to properly configure OpenSSL, a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL is a nice tool that lets you become a CA (Certificate Authority) and sign other people's CSRs (Certificate Signing Requests). OpenSSL can generate 2048-bit keys, and certificates generated by OpenSSL can be imported into 'keystore' files with "keytool". We will use 2048-bit private keys: for most web sites, the security provided by 2,048-bit RSA keys is sufficient, and the RSA public key algorithm is widely supported, which makes keys of this type a safe default choice.
Create your server's self-signed SSL certificates.
Note: If you use your server for a business, it is better to buy and use formal certificates.
cd /etc/ssl/private
openssl genrsa -aes128 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
......................+++++
....................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key: # set passphrase
Verifying - Enter pass phrase for server.key: # confirm
# remove passphrase from private key
openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # passphrase
writing RSA key
Generate a certificate signing request (CSR)
openssl req -new -days 3650 -key server.key -out server.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TZ
State or Province Name (full name) [Some-State]:Dar Es Salaam
Locality Name (eg, city) []:Dar Es Salaam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LBT
Organizational Unit Name (eg, section) []:internal labnet
Common Name (e.g. server FQDN or YOUR name) []:pyw.internal,labnet
Email Address []:admin@internal.labnet
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Sign the request with the server's own key to produce a self-signed certificate, valid for 3650 days
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=C = TZ, ST = Dar Es Salaam, L = Dar Es Salaam, O = LBT, OU = internal labnet, CN = "pyw.internal,labnet", emailAddress = admin@internal.labnet
Getting Private key
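The same procedure as a non-interactive script, added here as an example and not part of the original post. It assumes a working directory passed as the first argument and the host name pyw.internal.labnet (the post's CN, with the comma read as a dot); it adds a subjectAltName, since current clients match the host name against the SAN rather than the CN, and a verification step.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: the working
# directory, the file names and the host pyw.internal.labnet.
set -eu

# Generate key, CSR and self-signed certificate for host $2 under directory $1.
make_selfsigned_cert() {
    dir=$1; host=$2
    umask 077   # the private key file is created unreadable to other users

    # The post encrypts the key with -aes128 and strips the passphrase one
    # step later; the end result is an unencrypted key, so create it directly.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null

    # Subject fields from the post's prompts, supplied via a config file so
    # that no interactive prompt (and no system openssl.cnf) is needed.
    cat > "$dir/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
C = TZ
ST = Dar Es Salaam
L = Dar Es Salaam
O = LBT
OU = internal labnet
CN = $host
emailAddress = admin@internal.labnet
EOF
    openssl req -new -key "$dir/server.key" -config "$dir/csr.cnf" \
        -out "$dir/server.csr"

    # Self-sign the CSR with the same key (as 'openssl x509 -req -signkey'
    # does in the post) and add a subjectAltName for the host.
    printf 'subjectAltName = DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days 3650 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# Check that certificate $1 chains to itself and is valid for host $2.
cert_valid_for_host() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}
```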