Creating a Self-Signed Public Key Infrastructure (PKI) for certificate creation [SSL, OpenVPN]

Channel:

i12bretro

Subscribers:

14,500

Published on April 6, 2020 11:00:13 AM ● Video Link: https://www.youtube.com/watch?v=ezzj3x207lQ

Duration: 4:12

5,655 views

60

#PublicKeyInfrastructure #PKI #Certificates #SSL

Full steps can be found at https://i12bretro.github.io/tutorials/0004.html

This is part one of a series of creating your own self-signed PKI and some ways to utilize the PKI to setup SSL for your web server or create your own OpenVPN server.
 
Disclaimer: I am not a security expert. This is just the easiest way I have found to create and utilize SSL for my homelab services.
 
--------------------------------------------------------------------
Getting Started
--------------------------------------------------------------------
   01. Download X Certificate Key Manager https://hohnstaedt.de/xca/index.php/download
   02. Extract X Certificate Key Manager
   03. Launch xca.exe
   04. Select File ≫ Create Database
   05. Name your PKI database and click save
   06. Enter a password for you database
   07. Re-type to confirm and click OK
 
--------------------------------------------------------------------
Creating the Root Certificate Authority
--------------------------------------------------------------------
   01. Navigate to the Certificates tab
   02. Click the New Certificate button
   03. Click the Subject tab
   04. Complete the Distinguished Name section
         internalName: i12bretro Root CA
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: i12bretro Root CA
   05. Click the Generate a New Key button
   06. Enter a name and set the key size to at least 2048
   07. Click Create
   08. Click on the Extensions tab
   09. Select Certificate Authority from the type list
   10. Update the validity dates to fit your needs
   11. Click the Key Usage tab
   12. Under Key Usage select Digital Signature, Key Encipherment and Certificate Sign
   13. Click OK to create the certificate
 
--------------------------------------------------------------------
Creating the Intermediate Certificate Authority
--------------------------------------------------------------------
   01. From the Certificates tab, right click on your Root CA certificate
   02. Select New
   03. On the Source tab, make sure Use this Certificate for signing is selected
   04. Verify your Root CA certificate is selected from the drop down
   05. Click the Subject tab
   06. Complete the Distinguished Name section
         internalName: i12bretro Intermediate CA
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: i12bretro Intermediate CA
   07. Click the Generate a New Key button
   08. Enter a name and set the key size to at least 2048
   09. Click Create
   10. Click on the Extensions tab
   11. Select Certificate Authority from the type list
   12. Update the validity dates to fit your needs
   13. Click the Key Usage tab
   14. Under Key Usage select Digital Signature, Key Encipherment and Certificate Sign
   15. Click OK to create the certificate
   16. From this point forward, use the intermediate certificate to create end entity certificates
 


### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro