Didier Stevens

Tuesday 30 December 2008

Howto: Make Your Own Cert With OpenSSL

Filed under: Encryption — Didier Stevens @ 21:18

Update: if you don’t have access to a machine with OpenSSL, I created a website to generate certs using the procedure described here. Read through the procedure, and then use the website listed at the end.

Ever wanted to make your own public key certificate for digital signatures? There are many recipes and tools on the net, like this one. My howto uses OpenSSL, and gives you a cert with a nice chain to your root CA.

First we generate a 4096-bit long RSA key for our root CA and store it in file ca.key:

openssl genrsa -out ca.key 4096

Generating RSA private key, 4096 bit long modulus
...................................................................................++
........................................................................++
e is 65537 (0x10001)

If you want to password-protect this key, add option -des3.

Next, we create our self-signed root CA certificate ca.crt; you’ll need to provide an identity for your root CA:

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BE
State or Province Name (full name) [Berkshire]:Brussels
Locality Name (eg, city) [Newbury]:Brussels
Organization Name (eg, company) [My Company Ltd]:https://DidierStevens.com
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Didier Stevens (https://DidierStevens.com)
Email Address []:didier stevens Google mail

The -x509 option is used for a self-signed certificate. 1826 days gives us a cert valid for 5 years.

20081230-220030

Next step: create our subordinate CA that will be used for the actual signing. First, generate the key:

openssl genrsa -out ia.key 4096

Generating RSA private key, 4096 bit long modulus
.....++
.............................................................................++
e is 65537 (0x10001)

Then, request a certificate for this subordinate CA:

openssl req -new -key ia.key -out ia.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BE
State or Province Name (full name) [Berkshire]:Brussels
Locality Name (eg, city) [Newbury]:Brussels
Organization Name (eg, company) [My Company Ltd]:https://DidierStevens.com
Organizational Unit Name (eg, section) []:Didier Stevens Code Signing (https://DidierStevens.com)
Common Name (eg, your name or your server's hostname) []:
Email Address []:didier stevens Google mail

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next step: process the request for the subordinate CA certificate and get it signed by the root CA.

openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt

Signature ok
subject=/C=BE/ST=Brussels/L=Brussels/O=https://DidierStevens.com/OU=Didier Stevens Code Signing (https://DidierStevens.com)/emailAddress=didier stevens Google mail
Getting CA Private Key

The cert will be valid for 2 years (730 days) and I decided to choose my own serial number 01 for this cert (-set_serial 01). For the root CA, I let OpenSSL generate a random serial number.

That’s all there is to it! Of course, there are many options I didn’t use. Consult the OpenSSL documentation for more info. For example, I didn’t restrict my subordinate CA key usage to digital signatures. It can be used for anything, even making another subordinate CA. When you buy a code signing certificate, the CA company will limit its use to code signing.

20081230-220418

To use this subordinate CA key for Authenticode signatures with Microsoft’s signtool, you’ll have to package the keys and certs in a PKCS12 file:

openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt

Enter Export Password:
Verifying - Enter Export Password:

To sign executables in Windows with the signtool: install file ia.p12 in your certificate store (e.g. double click it), and then use signtool /wizard to sign your PE file.

I’ve used this process to generate certs for my own code signing, and for my Authenticode Challenge.

Update: don’t have OpenSSL? Use my website https://toolbokz.com/gencert.psp

40 Comments »

  1. [...] to Windows executables (PE files). This howto shows you how to use signtool. You’ll need to create your own certificate and key (or buy one) to sign [...]

    Pingback by Howto: Add a Digital Signature to Executables « Didier Stevens — Wednesday 31 December 2008 @ 10:57

  2. [...] now I sign good.exe with my own cert. But there’s a little change in the code signing procedure I explained in this other [...]

    Pingback by Playing With Authenticode and MD5 Collisions « Didier Stevens — Saturday 17 January 2009 @ 15:13

  3. Hallo Didier,

    Merci voor de nuttige info. Ik kan het goed gebruiken :-) Waarvoor ex-collega’s al niet goed zijn hé.

    Groeten,
    Geert

    Comment by Geert Bex — Tuesday 10 March 2009 @ 19:06

  4. Inderdaad, België is klein hé!

    Comment by Didier Stevens — Tuesday 10 March 2009 @ 19:31

  5. Thanks for this post. It came in very handy for testing SSL support in hMailServer on Windows.

    Comment by Kevin miller — Wednesday 11 March 2009 @ 19:49

  6. Hi,
    I followed the steps exactly and I got this error:
    Error self signed certificate getting chain.
    Any idea?

    Comment by M — Wednesday 29 April 2009 @ 9:46

  7. Forgot to mention, I get the error after running this command:
    openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt
    The other commands work fine

    Comment by M — Wednesday 29 April 2009 @ 9:50

  8. The error is:
    Error self signed certificate getting chain.

    Comment by M — Wednesday 29 April 2009 @ 10:02

  9. What version of OpenSSL are you using, and on which OS?

    Comment by Didier Stevens — Wednesday 29 April 2009 @ 11:29

  10. OpenSSL 0.9.8b 04 May 2006
    running on x86_64 GNU/Linux

    Comment by M — Wednesday 29 April 2009 @ 11:32

  11. I’ve also done the procedure on an older version of OpenSSL than yours (0.9.7a), so it’s probably not version dependent. If you can share your keysfiles and cert files, I’m willing to try on my machine. I have a gmail account, details on my About page.

    Comment by Didier Stevens — Wednesday 29 April 2009 @ 11:47

  12. Update: the reason of “Error self signed certificate getting chain.” is that you use identical data for your CA and IA certificate.

    Comment by Didier Stevens — Monday 4 May 2009 @ 20:07

  13. Thank you so much for sharing this!

    In your instructions, I don’t know how you got around the requirement of designating an openssl.cnf configuration file. Maybe the version of OpenSSL you were using was compiled to look for it in the right place. Mine was compiled to look for it in /usr/local/ssl/openssl.cnf, which doesn’t exist on a Windows machine.

    The next problem is, that on Windows XP at least, .cnf files are designated a NetMeeting “SpeedDial” files. But you can edit the file extension to break this link, or better yet have the extension open in Notepad. This isn’t absolutely necessary though.

    I found the default openssl.cnf file installed in my OpenSSL/share directory, so I moved it to the bin directory, so when I ran openssl from there, I could just add -config openssl.cnf to my openssl commands when it complained about not finding it.

    Finally, thank you again for your comment about the “Error self signed certificate getting chain” error. I went back and changed some of my answers to the cert issuing questions, and the error disappeared when I tried again.

    My next task is to install a certificate (which one?) on my intranet Active Directory domain server, so all the computers in my domain will trust code that I sign with my digital signature.

    Comment by jeng1111 — Friday 5 March 2010 @ 21:17

  14. @jeng1111 It’s the root CA you need to distribute (the self-signed one).

    Comment by Didier Stevens — Friday 5 March 2010 @ 22:49

  15. Thanks for your help! I installed my root cert on the other machines in the office by going to Start > Run… > mmc > File > Add/Remove snap-in > Add… and choosing Certificates. Then I right-clicked somewhere to import the root cert file I had made.

    After I had installed the root CA, when I opened a file in Microsoft Office that I had signed (with a certificate that had been issued using that same root cert), I was presented with the option of always trusting files signed liked that.

    Next I would like to experiment with creating a certificate just for code signing. I believe the information is here: http://www.openssl.org/docs/apps/x509v3_config.html under “Extended Key Usage.”

    Comment by jeng1111 — Friday 16 April 2010 @ 19:54

  16. [...] you’ve a root certificate, like one created using this method. Here’s how to install it in your account’s “Trusted Root Certificate [...]

    Pingback by Quickpost: Adding Certificates to the Certificate Store « Didier Stevens — Sunday 31 October 2010 @ 13:31

  17. I created 1 cert wrong, so I deleted files but I cant create new cert.

    OpenSSL> pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.c
    rt
    Loading ‘screen’ into random state – done
    Error self signed certificate getting chain.
    error in pkcs12
    OpenSSL>

    Comment by rain — Friday 22 April 2011 @ 21:30

  18. Got this problem fixed but still got problem

    It shows that new cert with old’s name and issuer. Any fix?

    Comment by rain — Friday 22 April 2011 @ 21:49

  19. [...] would be to sign the driver yourself… http://technet.microsoft.com/en-us/l…52(WS.10).aspx http://blog.didierstevens.com/2008/1…-with-openssl/ Reply With Quote [...]

    Pingback by MDT 2010 / Windows 7, driver ranking problem for Realtek HD Audio — Wednesday 18 May 2011 @ 7:10

  20. [...] http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/ This entry was posted on marți, august 16th, 2011 at 14:57 and is filed under Linux. You can [...]

    Pingback by Howto: Make Your Own Cert With OpenSSL | Laurentiu Blog — Tuesday 16 August 2011 @ 10:05

  21. [...] the pieces to test this flag. A normal authenticode signature is not enough. And you can not use a selfsigned certificate. You need to buy a certificate (aka Software Publisher Certificate, SPC) from a commercial CA for [...]

    Pingback by Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag « Didier Stevens — Thursday 27 October 2011 @ 17:46

  22. Hi,
    I followed the steps exactly and I got this error:
    Error self signed certificate getting chain.
    Any idea?

    Comment by Prashanth — Wednesday 15 February 2012 @ 7:17

  23. @Prashant Take a look at the first comments, your problem was addressed there.

    Comment by Didier Stevens — Wednesday 15 February 2012 @ 11:45

  24. Hello Didier,
    I copy-paste exactly your commands and got stuck on p12 generation:
    Loading ‘screen’ into random state –

    and then …. nothing, never exits. Then, unfortunately it is not done for some reason.

    The ca private is not protected by a password like in your initial command then no need to give a password. Could I use an openssl with restricted features for some limited exportation reason? I have OpenSSL 1.0.1c 10 May 2012 installed.

    The irony is that I’ve been using your commands because I had the same issue with my own script!
    Is it a matter of format? My understanding is that we have PEM here. Any idea would be great, thks
    –Jerome

    Comment by Jerome — Wednesday 21 November 2012 @ 10:33

  25. Answer to myself (comment 24): because as explained here (http://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean) the environment is not properly set: I was working on windows with unset variables. I guess here openssl cannot find (RANDFILE). Tried on Unbuntu and works fine.
    Anyway Stevens, thanks for sharing these commands with the community
    –Jerome

    Comment by Jerome — Wednesday 21 November 2012 @ 14:38

  26. This is quite a good tutorial. The problem that I see (or maybe the solution that I am missing) is that there is always a trust failure when signing documents for distribution. It does not matter if a chain of essentially self-signed certificates is made if there is no recognized CA in the chain.

    I tried the method in this post to sign a PDF. The signature had problems with validation.

    A well-known CA issues certificates that are usually used for email, but there is no problem signing other document formats with these, and they validate perfectly. I know it will not validate a website. It probably cannot sign code, but I have not tried this.

    I wonder if it would be possible to generate a certificate using the CA to sign it, then generate a personal certificate from the certificate generated.

    Has anyone figured out a way to make the address bar turn green with self-generated chains?

    Comment by Ringo — Thursday 6 December 2012 @ 4:01

  27. @Ringo A green address bar indicates an Extended Validation Certificate. Each CA has its own OID(s) to identify such a certificate. See here:

    https://en.wikipedia.org/wiki/Extended_Validation_Certificate#Extended_Validation_certificate_identification

    Comment by Didier Stevens — Thursday 6 December 2012 @ 10:09

  28. @Didier – True, and each CA has its own identifiers which are known and incorporated into certificates and instruct the browser to display the green address bar. Please see here:

    http://en.wikipedia.org/wiki/Extended_Validation_Certificate#Extended_Validation_certificate_identification.

    The green bar comment was actually meant to be taken as a joke. I found your much earlier post on setdllcharacteristics and forcing the BIOS to report DEP interesting and wondered if you had come any further.

    I am trying to install W8 on an old computer. Since it is impossible to force the motherboard to do something it cannot do, it seemed reasonable to lie about DEP and NX to get W8 installed. Oddly, it installs from within 7 but hangs from DVD. I do not know how vigorously the W8 installer checks for NX, nor where the check occurs. The previous method of modifying a dll file seems not to work as it did in the past.

    Thanks,

    R.

    Comment by Ringo — Thursday 6 December 2012 @ 16:05

  29. My last comment got zapped. Anyone know why?

    R.

    Comment by Ringo — Thursday 6 December 2012 @ 16:58

  30. Bizarre. It just reappeared after I posted again….

    Comment by Ringo — Thursday 6 December 2012 @ 17:00

  31. @Ringo Comments are moderated, I’ve to approve them.
    I get way to much comment SPAM.

    Comment by Didier Stevens — Thursday 6 December 2012 @ 17:30

  32. Re: Comment 13.
    ———————-

    Under Windows, just create (mkdir) the directory \usr\local\ssl\ minding the direction of the slashes. Then make a shortcut back to openssl.cnf. Really, it’s also just as easy to copy the openssl.cnf file to the right place once you’ve made the directory.

    Ringo

    Comment by Ringo — Thursday 6 December 2012 @ 18:24

  33. [...] we use our certificate which we install (open the .p12 file). Install the free JSignPdf [...]

    Pingback by Howto: Add a Digital Signature to a PDF File – Free Software | Didier Stevens — Friday 26 April 2013 @ 12:58

  34. [...] is a variant to my “Howto: Make Your Own Cert With OpenSSL” method. This time, I needed a signing cert with a Certificate Revocation List (CRL) extension and [...]

    Pingback by Howto: Make Your Own Cert And Revocation List With OpenSSL | Didier Stevens — Wednesday 8 May 2013 @ 10:34

  35. […] I followed instructions at http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/ to make a self signed root certificate for signing the server and client […]

    Pingback by Postgresql SSL certificates | Pontifier's thoughts — Friday 19 July 2013 @ 19:02

  36. HI Didier,

    I was trying to set up a Mikrotik router to accept ssl login via a web browser. It requires an ssl certificate. I found your website and followed the instructions. I was able to create an ssl certificate on my Linux computer. I then transferred the ca.key and ca.crt files to the Mikrotik router and was able to set up the router to receive www-ssl.

    Thank you very much for your instructions.

    Sincerely,
    Don James
    donaldbjames@suddenlinkmail.com

    http://donaldbjames.com

    Henderson, Texas USA

    Comment by Don James — Tuesday 10 December 2013 @ 3:18

  37. […] set up my root certificate, I followed this great tutorial by Didier Stevens. First, I created a new root CA certificate. Then, I created an intermediate […]

    Pingback by Setting up a PKI | The blog of Nathan Hunstad — Sunday 31 August 2014 @ 0:42


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 231 other followers

%d bloggers like this: