Creating custom Certificates

SSL Certificates

There are two kinds of certificates: those signed by a 'Certificate Authority', or CA, and 'self-signed' certificates. A Certificate Authority is a trusted source for an SSL certificate, and using a certificate from a CA allows your users to trust the identity of your website. In most cases, you would want to use a CA-signed certificate in a production environment. For testing purposes, however, a self-signed certificate is completely sufficient.

To generate a self-signed certificate, run the following command in an OpenSSL shell:

OpenSSL> req -newkey rsa:2048 -nodes -keyout vimacc_SSL.key -x509 -days 730 -out vimacc_SSL_selfsigned_cert.pem -config C:\Projects\vimacc\third-party\openssl\Windows\x64\debug\ssl\openssl.cnf

You will be prompted with some questions, which could, for example, look like this (more detailed instructions can be found at e.g. digitalocean.com or ssl-trust.com):

# Country Name (2 letter code) [AU]:                          DE
# State or Province Name (full name) [Some-State]:            Niedersachsen
# Locality Name (eg, city) []:                                Hannover
# Organization Name (eg, company) [Internet Widgits Pty Ltd]: Accellence Technologies GmbH
# Organizational Unit Name (eg, section) []:                  vimacc VMS
# Common Name (eg, YOUR name) []:                             SSL vimacc (better no accellence domain name here!)
# Email Address []:                                           info@accellence.de

This should leave you with two files, vimacc_SSL_selfsigned_cert.pem (the certificate) and vimacc_SSL.key (the private key). This is all you need for an SSL connection.

Working with signed certificates

Another approach is to only work with signed certificates:

  • The client must create a CSR (Certificate Signing Request) with the details from the server (e.g. address, port, other data).
  • The administrator of the client system must send this CSR to the administrator of the server system.
  • The CSR is signed on the server-side system, and the signed certificate must be sent back to the administrator of the client side.
  • During connection, the client also sends a certificate to the server, and because of the signing process the server can identify the client as well.

This means that only known clients can establish a connection.
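
The signing workflow listed above, run end to end with the openssl command line, as an added example that is not part of the original vimacc documentation. File names, subject fields, lifetimes and the minimal config file are constructed; the script is written for a POSIX shell and runs both sides in one temporary directory, whereas in practice only the CSR and the signed certificate pass between the two administrators.

```shell
#!/bin/sh
# Added example: file names, subjects, lifetimes and min.cnf are constructed.
umask 077  # -nodes writes private keys unencrypted; keep them owner-only

write_cnf() {  # minimal config, so nothing depends on a system openssl.cnf
    cat > "$1/min.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

make_ca() {  # server side: key plus self-signed CA certificate for signing
    openssl req -newkey rsa:2048 -nodes -keyout "$1/ca.key" -x509 -days 730 \
        -subj "/O=Example Server Side/CN=Example Client CA" \
        -config "$1/min.cnf" -extensions ca_ext -out "$1/ca.pem" 2>/dev/null
}

make_csr() {  # client side: the key stays local, only the CSR is sent
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -subj "/O=Example Client Side/CN=$2" \
        -config "$1/min.cnf" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {  # server side: issue a client-auth certificate from the CSR
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/min.cnf" \
        -extensions client_ext -out "$1/$2.pem" 2>/dev/null
}

verify_client() {  # chain check a server applies to a presented certificate
    openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/$2" >/dev/null 2>&1
}

# Demo: the CA-signed certificate is accepted, a self-signed one is not.
d=$(mktemp -d) && write_cnf "$d" && make_ca "$d" || exit 1
make_csr "$d" client1 && sign_csr "$d" client1 || exit 1
verify_client "$d" client1.pem && echo "client1.pem: accepted"
openssl req -newkey rsa:2048 -nodes -keyout "$d/other.key" -x509 -days 730 \
    -subj "/CN=unknown client" -config "$d/min.cnf" -out "$d/other.pem" 2>/dev/null
verify_client "$d" other.pem || echo "other.pem: rejected"
rm -rf "$d"
```

The CA key (ca.key here) is what decides which clients are known, so it belongs only on the signing system.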

Note: The vimacc folder for certificates is c:\data\certificates
Note: Certificates can be viewed with the following command:
openssl x509 -in certificate.pem -text