# Self-signed Certificate Guide
###### tags: `Self-signed Certificate`
### Prerequisites
- Host: Amazon Linux 2 (amzn2)
- Connect to your Linux instance as ec2-user using SSH.
Intro
---
* Private Key: The contents of the `foo.rsa` file from the previous step.
* Public Key Certificate: The contents of the `<your_cert>.crt` file provided by GoDaddy
* Certificate Chain: The contents of the `gd_bundle-g2-g1.crt` file provided by GoDaddy
Create a self-signed certificate (note the added `-x509` option):
---
```gherkin=
openssl req -config myserver.cnf -new -x509 -sha256 -newkey rsa:2048 -nodes \
-keyout example-com.key.pem -days 365 -out example-com.cert.pem
```
Configuration file (passed via -config option)
---
```gherkin=
# the fully qualified server (or service) name
FQDN = *.onpremise.corp
# the name of your organization
ORGNAME = DEVOPS INC HZ
# subjectAltName entries: to add DNS aliases to the CSR, delete
# the '#' character in the ALTNAMES line, and change the subsequent
# 'DNS:' entries accordingly. Please note: all DNS names must
# resolve to the same IP address as the FQDN.
ALTNAMES = DNS:$FQDN # , DNS:bar.example.org , DNS:www.foo.example.org
# --- no modifications required below ---
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
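req_extensions = req_ext
# with -x509, openssl req reads x509_extensions instead of req_extensions;
# without this line the self-signed certificate has no subjectAltName
x509_extensions = req_ext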
[ dn ]
C = CN
ST = CN
L = CN
O = $ORGNAME
OU = Information Support
CN = $FQDN
[ req_ext ]
subjectAltName = $ALTNAMES
```
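`openssl req` applies `req_extensions` to CSRs and reads `x509_extensions` when `-x509` is given, so it is worth confirming that a generated certificate really carries the expected `subjectAltName` and matches its key. The script below is an added example, not part of the original guide; `demo.example.test`, the file names and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Constructed values: demo.example.test, file and function names.

# Succeeds if the certificate's SAN extension lists DNS:<name> exactly.
cert_has_san() {  # usage: cert_has_san <cert.pem> <dns-name>
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Writes a config shaped like the guide's into <dir> and self-signs with it.
# <ext_key> is the [ req ] key that names the SAN section:
# req_extensions (applied to CSRs) or x509_extensions (applied with -x509).
make_selfsigned() {  # usage: make_selfsigned <dir> <ext_key>
  cat > "$1/demo.cnf" <<EOF
FQDN = demo.example.test
[ req ]
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
$2 = req_ext
[ dn ]
O = Constructed Example Org
CN = \$FQDN
[ req_ext ]
subjectAltName = DNS:\$FQDN
EOF
  openssl req -config "$1/demo.cnf" -new -x509 -newkey rsa:2048 -nodes \
    -days 1 -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Builds one certificate per variant and reports whether the SAN made it in.
san_demo() {
  demo_dir=$(mktemp -d) || return 1
  for ext_key in req_extensions x509_extensions; do
    make_selfsigned "$demo_dir" "$ext_key" || return 1
    if cert_has_san "$demo_dir/cert.pem" demo.example.test
    then echo "$ext_key: SAN present"; else echo "$ext_key: SAN missing"; fi
  done
  rm -rf "$demo_dir"
}
```

Source the file and run `san_demo`; point `cert_has_san` and `key_matches_cert` at `example-com.cert.pem` and `example-com.key.pem` to check the files created above.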
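`-passin` is needed when the key given to `-inkey` is password-protected (a key created with `-nodes`, as above, is not encrypted, so `-passin` is ignored for it). The exported PKCS#12 file is also protected by a password, so `-passout` is needed as well. Assuming the same password is used for the imported key and the exported file, use the command below. A `pass:` value is visible in the process list and shell history; `openssl` also accepts `env:` and `file:` password sources.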
```gherkin=
openssl pkcs12 \
-export \
-in example-com.cert.pem -inkey example-com.key.pem -passin pass:1234qwer \
-passout pass:1234qwer -out mycert.pfx
```
How to create a CSR file with a config file
---
```gherkin=
touch myserver.key
chmod 600 myserver.key
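# -days only applies together with -x509; a CSR carries no validity period,
# the issuing CA sets it, so the option is left out here
openssl req -new -config myserver.cnf -keyout myserver.key -out myserver.csr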
```
myserver.cnf
```gherkin=
# OpenSSL configuration file for creating a CSR for a server certificate
# Adapt at least the FQDN and ORGNAME lines, and then run
# openssl req -new -config myserver.cnf -keyout myserver.key -out myserver.csr
# on the command line.
# the fully qualified server (or service) name
FQDN = *.robotics-remote-support.yamaha-motor.co.jp
# the name of your organization
# (see also https://www.switch.ch/pki/participants/)
ORGNAME = YAMAHA MOTOR CO LTD
# subjectAltName entries: to add DNS aliases to the CSR, delete
# the '#' character in the ALTNAMES line, and change the subsequent
# 'DNS:' entries accordingly. Please note: all DNS names must
# resolve to the same IP address as the FQDN.
ALTNAMES = DNS:$FQDN # , DNS:bar.example.org , DNS:www.foo.example.org
# --- no modifications required below ---
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
C = JP
ST = Shizuoka
L = Iwata
O = $ORGNAME
OU = Information Support
CN = $FQDN
[ req_ext ]
subjectAltName = $ALTNAMES
```
## How to read a CSR file
```gherkin=
openssl req -in mycsr.csr -noout -text
```
## How to read a certificate file
```
openssl x509 -in vsftpd.pem -text -noout
```
Ref
---
```
FQDN = webadmin.splashtop.com
# the name of your organization
ORGNAME = Splashtop Inc.
# subjectAltName entries: to add DNS aliases to the CSR, delete
# the '#' character in the ALTNAMES line, and change the subsequent
# 'DNS:' entries accordingly. Please note: all DNS names must
# resolve to the same IP address as the FQDN.
ALTNAMES = DNS:$FQDN # , DNS:bar.example.org , DNS:www.foo.example.org
# --- no modifications required below ---
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
C = US
ST = CA
L = San Jose
O = $ORGNAME
OU = Backend
CN = $FQDN
[ req_ext ]
subjectAltName = $ALTNAMES
```