This document includes instructions for OpenSSL setup. It also includes steps for generating key and self-signed certificate.
There are different steps for each operating system. Choose the steps for your environment.
A free book on OpenSSL is available online: OpenSSL Cookbook, by Ivan Ristić
For MS Windows, you need to install OpenSSL
-
In your web browser, visit the link: https://slproweb.com/products/Win32OpenSSL.html
-
In the table, move to the entry: Win64 OpenSSL v1.1.x Light.
-
Select the MSI download link
-
Once downloadeded to your computer, run the MSI file
-
During the installation process, select all of the defaults.
-
Update your system path environment variable to point to the openssl installation
a. Open the MS Windows Control Panel
b. Select System > Advanced System Settings
c. Click Environment Variables
d. In the System variables section, select the Path variable and click the Edit button.
e. At the beginning of the path, add:
c:\Program Files\OpenSSL-Win64\bin;
NOTE: Be sure to update with the installation directory on your computer accordingly.
f. Click Ok and proceed to close all of the dialogs.
Let's verify the OpenSSL installation
-
Open a new command-prompt window.
-
Type the following command:
openssl help
-
You will see the version of openssl installed. If so then openssl is installed successfully. :-)
-
Open a command-prompt window.
-
Move into the directory of your Angular ecommerce project.
cd angular-ecommerce
-
Create a new directory for your output files
mkdir ssl-localhost
-
Create a configuration file for the OpenSSL utility.
a. In the directory:
angular-ecommerce
b. Create a new file named:
localhost.conf
-
Open the
localhost.conf
file and enter the following:[req] # Don't prompt the user when running openssl certificate generation prompt = no # Reference to the section containing the Distinguished Name (information about your company/entity) distinguished_name = dn [dn] # Country, State and Locality (city) C = US ST = Pennsylvania L = Philadelphia # Organization and Organizational Unit (department name, group name) O = luv2code OU = Training # Common Name (fully qualified domain name of your website server) CN = localhost
-
Save the file.
-
In the terminal window, run this command to generate the key and certificate. Be sure to enter this command as a single line.
openssl req -x509 -out ssl-localhost\localhost.crt -keyout ssl-localhost\localhost.key -newkey rsa:2048 -nodes -sha256 -days 365 -config localhost.conf
Argument Description req -x509 generate X.509 certificate -out ssl-localhost/localhost.crt name of output certificate file -keyout ssl-localhost/localhost.key name of output key file -newkey rsa:2048 create new certificate request and a new private key using algorithm RSA and key size of 2048 bits -nodes No DES encryption. The generated private key will not be encrypted -sha256 Use the SHA256 message digest to sign the request -days 365 Certificate is valid for 365 days -config localhost.conf Name of config file Detailed docs available here.
-
This command generates the following output:
Generating a 2048 bit RSA private key .......+++ ...............................+++ writing new private key to 'ssl-localhost/localhost.key'
-
The command generates two files:
localhost.crt
andlocalhost.key
. -
View the newly generated files in the
ssl-locahost
directory.dir ssl-localhost
Sample output
localhost.crt localhost.key
-
View the contents of your certificate.
openssl x509 -noout -text -in ssl-localhost/localhost.crt
Sample Output
Certificate: Data: Version: ... Serial Number: 13535095018565170476 (0xbbd6513516bc752c) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Pennsylvania, L=Philadelphia, O=luv2code, OU=Training, CN=localhost Validity Not Before: May 29 21:25:12 2021 GMT Not After : May 29 21:25:12 2022 GMT Subject: C=US, ST=Pennsylvania, L=Philadelphia, O=luv2code, OU=Training, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) ... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:localhost Signature Algorithm: sha256WithRSAEncryption a2:9c:22:7c:73:ed:03:3f:ec:00:ce:c0:f6:0b:20:b4:09:6d: ...
Congrats! You have successfully generated a key and self-signed certificate. You can now return to the videos and continue with the course.
On Mac/Linux, openssl is already included with the operating system. There is nothing additional to install.
-
Open a terminal window.
-
Move into the directory of your Angular ecommerce project.
cd angular-ecommerce
-
Create a new directory for your output files.
mkdir ssl-localhost
-
Create a configuration file for the OpenSSL utility.
a. In the directory:
angular-ecommerce
b. Create a new file named:
localhost.conf
-
Open the
localhost.conf
file and enter the following:[req] # Don't prompt the user when running openssl certificate generation prompt = no # Reference to the section containing the Distinguished Name (information about your company/entity) distinguished_name = dn [dn] # Country, State and Locality (city) C = US ST = Pennsylvania L = Philadelphia # Organization and Organizational Unit (department name, group name) O = luv2code OU = Training # Common Name (fully qualified domain name of your website server) CN = localhost
-
Save the file.
-
In the terminal window, run this command to generate the key and certificate.
openssl req -x509 \ -out ssl-localhost/localhost.crt \ -keyout ssl-localhost/localhost.key \ -newkey rsa:2048 -nodes -sha256 -days 365 \ -config localhost.conf
Argument Description req -x509 generate X.509 certificate -out ssl-localhost/localhost.crt name of output certificate file -keyout ssl-localhost/localhost.key name of output key file -newkey rsa:2048 create new certificate request and a new private key using algorithm RSA and key size of 2048 bits -nodes No DES encryption. The generated private key will not be encrypted -sha256 Use the SHA256 message digest to sign the request -days 365 Certificate is valid for 365 days -config localhost.conf Name of config file Detailed docs available here.
-
This command will generate the following output:
Generating a 2048 bit RSA private key .......+++ ...............................+++ writing new private key to 'ssl-localhost/localhost.key'
-
The command generates two files:
localhost.crt
andlocalhost.key
. -
View the newly generated files in the
ssl-localhost
directory.ls ssl-localhost
Sample output
localhost.crt localhost.key
-
View the contents of your certificate.
openssl x509 -noout -text -in ssl-localhost/localhost.crt
Sample Output
Certificate: Data: Version: ... Serial Number: 13535095018565170476 (0xbbd6513516bc752c) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Pennsylvania, L=Philadelphia, O=luv2code, OU=Training, CN=localhost Validity Not Before: May 29 21:25:12 2021 GMT Not After : May 29 21:25:12 2022 GMT Subject: C=US, ST=Pennsylvania, L=Philadelphia, O=luv2code, OU=Training, CN=localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) ... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:localhost Signature Algorithm: sha256WithRSAEncryption a2:9c:22:7c:73:ed:03:3f:ec:00:ce:c0:f6:0b:20:b4:09:6d: ...
Congrats! You have successfully generated a key and self-signed certificate. You can now return to the videos and continue with the course.