How to create a valid self signed SSL Certificate?

Hi Christian, I have been watching your videos for ages and with your help I have grown my little raspberry pi "home lab" out into 3 separate servers running more services than I have any business or need to run. I enjoyed this video and it was very informative. Thank you for all the help and wish me luck setting up my own CA.

Thank you very much. This was extremely useful. You took a very confusing and convoluted process and made it as easy to understand as possible. I was able to setup certs on several home servers that I've been trying to figure out for years. I really appreciate your time making this video. Very helpful.

Hands down, absolutely outstanding work. Thank you so much for this video. I absolutely loved it. You earned a sub!

You really know your stuff. So much information in 25 minutes!

Might be the most important video I've watched in 5 years, wow. Thanks SO much for this, very well done!

Thanks so much for this video. It really helped me a lot. For a long time I was having problems with other tutorials tying to configure this, and with your video I managed to get everything working really fast. Thanks again!

Thanks a million! I was following some other documented tutorials and none of them seem to explain what is important and what is not. I didn't have a DNS name so I had to rely on IP addresses. After spending 2 days of trying to setup SSL certificates, I finally found and followed your video and it just worked straight away!

This was exactly what I needed to understand the cert-creation process. Thank you, and I have now subscribed to your channel :D

Great video! You've corrected the topic in great detail. This will be my reference video on this topic. Keep producing video on these interesting topics. You've got a new subscriber

After a very long time struggling with it I finally got it working thanks to you! Thank you!

just started to dip my toes into self signing so this is wonderful timing that you to made a fresh video about it.
🤗

I subscribed last week, mostly because I'm into Docker and you seem to cover it a lot. You've already proven to be quite useful with this tutorial, which I ran into completely by coincidence. Just wanted to say I really appreciate you, thanks!

Excellent will use it today ! Thanks for documenting all process !

Nice overview about CA's and how Windows trust certificates from websites. And well detailed explanation about the steps to generate a valid certificate. It really comes in handy to me right know, because I was dealing with some troubles to generate a certificate to a local system in my job. Thank you very much! Keep it up! 👏👏👏

Thanks Bro. This explanitation gave me the needed steps to finally learn the SSL certificate concept and creation. All of my internally hosted consols are now secure. It was even possible for me to adjust my certificate chain for a cisco wlc which I wanted to start using. Without your instructions, I couldn't have made this jump. Vielen Dank!

Thank you for your time and knowledge, an invaluable help, especially because you turned something complex into a simple one, thank you, it has helped me a lot

Thanks for doing this. I watched it several times (and reviewed your very helpful 'Cheat-sheets' on git). I understand the process for setting up internal CA (with respective keys), as well as the signing request process. BUT, I'm still not sure how to go about creating certificates that have *wild-cards* for an IP range so that I can use more broadly in my home lab environment. I'll keep plugging away with some other how-to tutorials, and eventually I'll have the 'Eureka' moment and it'll all make sense. Nonetheless, your tutorial was very good and much appreciated. Cheers.

I've been trying this for weeks, and you managed to make me understand and actually learn something about certificates. Indeed, you are an excelent teacher! Thanks a lot

Thanks for making this video, great explanation of how it all works, reassuring to see all the reading of separate info I've been doing was in a simple video.

best explanation ever, thank you so much. for the first time, i actually understand ssl certs

love the videos pal - literally just finished watching several of your nginx proxy manager videos!

I had so many issues before trying to get SSL working on my VMware ESXI Server. Now I just used all the steps in this video and replaced the .csr file with the "Generate FQDN signing request" text (copied and put in a text file) that you can generate in ESXI. It instantly worked.
Before this Video I "broke" my server so I couldn't access it from the webinterface anymore (had to plug in Monitor & Keyboard to find out that the SSL Certificate was invalid so the webserver didn't start).
Thanks for making it this easy to follow👍

Great video Christian! Thank you very much for sharing it with us!💖👍😎JP

It is absolutely nuts how many subs you have now. Congrats man! I have been studying to get some certs lately so I'll see how it goes!

hey Christian!
You just got a new subscriber man!
Explained it beautifully!

Very good explanations. The part I was looking for was how to import the ca certificate into the client devices.

Thanks a ton! I have fond memories of adding SSL certificates to web 1.0 programs lol like deadAIM n such. Been really wanting to know more about its potential applications now adays. Appreciate the info. ~

That's exaclty what I did when decide to move all my home network to SSL couple of weeks ago, glad to see we are on the same wave :)

Thank you so much. You just earned a subscriber here. Great content.

Thanks for the great explanation!

Very great video! This was exactly what I've been looking for days and days. Very helpful. Thx! Keep it up

Very helpful, helped filled in some knowledge gaps in private CA's.

Really great, it's been a while since I was looking for this, i've implemented the same concept in Pfsense and made a web server to distribute the CA certificate to others devices

Thank you for demystifying the concept! It helped a lot!

thank you, just a note , the file extfile.cnf has to be encoded in utf-8 , you can convert it via visual studio code , otherwise an error will show up
"x509: Error on line 1 of config file "extfile.cnf" 8C520000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto\conf\conf_def.c:513:HERE--> ■sline 1"

Always great content!
Re-watch it?? Not only, study it!!
Absolutely interesting and useful.
Thank you and keep on with this excellent content

This was exactly what I was looking for.
Helped a Ton!
Thanks

thank you so much! finally found a working solution at first attempt

Your video came just in time to save my day.
Didn't know i could be a CA as well create a SSL certificate.
Amazing

Hi Christian, thank you for that video, it is exactly what I was looking for, followed your steps and it works perfectly. You got one more subscriber.

Thank you, this is just what I was looking for! Very helpful, great video!

I autommatically press like when i see your videos. Awesome guy!!!!🙂🙂🙂🙂

Thank you so much, very informative and has finally enabled me to get rid of the annoying warning message when logging into my nas. Great job!

Finally a video that explains this process thoroughly, thank you

I don't have enough words to thank you !!!!! You saved a life here..

Excellent presentation and content! Bravo and thank you!!

Thx for the fullchain tip. I had read about it in the Proxmox docs, but just the standalone cert worked for me :)

Excellent video. Very informative. Good job.

You are awesome man! Very clean explanation

Wow ... amazing !!! ... your step by step is exactly what I need ... and it's working A1 ... thank's for your generosity :)

I was searching to really solve this trusting issue puzzle for years by relying on Windows CA role and has been impossible. Endless gratitude to you !!!

Thanks for the helpful video as always! 👍👍

Loved the video! And yes, please do a deep dive video as well 😇

Thanks for this video, your documentation is amazing, it makes it very easy to follow your instructions and I now understand what's happening...

This excellent and great video … yes! finally what I needed 👍🏼

This is really helpful. Thank you.

I love you man, you saved me days

You have touched on a lot of topics in an excellent narrative and really detailed. I really thank you for this. But there is something I want to ask. Does everyone in the "standard user" class who connects to our web page have to add to the trusted certificates you made in the last step here? That is, after we prepare the certificate, can it securely exit to the internet?
Another issue is that we want to sign our software that we prepare in our company with code signing. Can rootCA be used for this? Can we sign our software using the certificate created with this method?
Thank you very much.

Thank you for splitting the video into segments, I already knew the basics and could just skip ahead to relevant parts.

Thanks for your helpful videos!

Thank you, very helped for me

Your video is fantastic!! Compliment

Hi Christian, endlich mal eine verständliche und funktionierende Anleitung, wie man selber Zertifikate für sein Homelab erstellen und einsetzen kann. Sehr gut, danke dir! Ich möchte an dieser Stelle auch noch einmal erwähnen, dass ich neben deinen Videoinhalten auch in besonderem Maße die Qualität deiner Videos (Sound, Bild, Schnitt, Lautstärke, Farben, Abstimmung, Präsentation, Darstellung, Stimmung etc.) zu schätzen weiß. Nach meinem Empfinden bildest du damit einen Standard, an den derzeit kaum jemand heran kommt. Weiter so. Uppps, jetzt habe ich doch instinktiv in deutsch geschrieben 🙂

Thank you VERY much for making this video

Thank You so much!

Thank you so much 🙏🙏

In addition to this, if you are running Linux a self signed cert also helps you with signing your bootloader and enable secure boot properly ;) ..fun video always enjoy your passion with them!

very useful video, thank you very much

Awesome work.

such a great work. thanks!

It works! Thanks! 😄

Subscribed. I'm trying to keep my subscriptions list tidy, so take it as a massive compliment!

thanks for the video. I didn't understand the last part, is the command executed on the machine from where I open the page or on the server?

Christian, Great job here. Thanks so much. One question:
For the SAN name, I'd like to be able to enter a node's, hostname, FQDN and IP, which I would consider to be a common use-case for those not wanting to use wildcards. I've played around with the contents of the extfile.cnf to no avail. Any pointers ?

Thank you very much! You saved my day!

Danke für das Video, das hat unser Problem gelöst

thank you so much bro I was going around in circles until I got to this video

Thanks for taking the time to put together this video tutorial. I understand how to follow through the steps as you're doing them, but unfortunately I don't understand WHY I'm doing it at each step and what each step is doing for me, because there were too many words being spoken and it was confusing. One of the things I was not initially clear on, but now understand why is that I needed to add a linux distro in my lab environment to run openSSL. That's one more thing for me to have to manage! Also, where does it put the files it made? I can't find them. Forgive my rookie questions, first time I'm ever doing this. Very new to linux and to openSSL. Total NOOB here with certificates.

Thank you very much. You helped me a lot.

Ok but this is freaky. I was looking for a decent tutorial the whole of today and knew you mentioned it before but couldn't find it lol. At least I know where to look now

Excellent and detailed guide to resolve an issue as complicated as SSL.
What would be different in the certificates if TLS 1.3 is used?

this is by far the best video on this topic, thank you. I just have one question, I don't have a physical server I'm just testing in a VirtualBox and I was wondering if u could suggest to me any good VMs that I can install on VirtualBox and also install the certificates, that would really help me out

Come in handy! Thank you!

well done ... please bring more stuff on this...

Thanks, good introduction video!
For a more in-depth understanding and for best practices regarding certificates I highly recommend reading the book "TLS Mastery" by Michael W Lucas. Small and handy book with around 200 pages.

this channel is gold

thanks a lot for the amazing video

Thank you very much you SIR!!! you are my go-to youtube channel for my IT carreer!
Quick question: what terminal software you used in this video? the UI looks so clean. Thank you

Great video this. Thank you

ICH BIN SO GLÜCKLICH DAAAANKE🎉❤❤❤❤❤❤

very informative content.

video was so good i had to smash like & subscribe

Great content!

Thanks a lot. What type of terminal are you using?

Finally the answer to the most headache of running a home lab!

Thanks Very much

Very good video, for my local environment I use cerbot with cloudflare api to authorize the certificate creation locally without any ports open and then either pass everything through a local proxy or by installing the cerbot client and setting up the subdomain for the service if it's an important one like freeipa/teleport/other important service that I don't want to use a local proxy.

Okay, I did it. Finally I got that regular padlock in the corner of my browser ^) BTW Ubuntu/Firefox want certificates with '.crt' extension. '.pem' don't work with update-ca-certificates command and aren't imported to firefox.

Awesome video, are you using your private CA with Teleport? Does Teleport use it to sign the certificates it generates?

struggling for 4 days now to have ansible role for this need exactly, apparently I had mistakes, if I succeed can I make PR to the boilerplate repository ?
thank you very much for your response in advance.