Generate a Self Signed certificate chain
This guide describes step by step how to create your own certificate chain consisting of two certificates. A "root" certificate and an "end" certificate.
The end certificate must have the following characteristics :
- The Root Certificate should be the issuer
- The certificate has to be signed by the Root Certificate private key
INFO
The word "self-signed" is incorrect in this context, as the subject and issuer of the end certificate differ at the end. But it is a common term when it comes to a certificate that was not issued by a trusted certificate authority.
Generate a CSR for the root certificate
Use the CSR Generator tool to create a CSR and a private key for the root certificate. Fill in the form accordingly with the desired data and save the generated CSR for later use.
Generate a CSR for the end certificate
Use the CSR Generator tool to create a CSR and a private key for the end certificate. Fill in the form accordingly with the desired data and save the generated CSR for later use.
Generate the root certificate
Use the Self Signed Generator tool to create the Root Certificate. Lookup or paste the previously generated CSR and private key for the "root" certificate in the form and generate the self-signed certificate. This certificate then functions as a root certificate.
Generate the end certificate
In the last step, you have to create the end certificate. Use again the Self-Signed Generator. Lookup or paste the previously generated CSR for the "end" certifiate in the form. Now you have to do the following tasks:
- Replace the private key with the one from the Root Certificate.
- Place the Root Certificate on the corresponding input or use the Custom Issuer option to define the issuer data.
Fill out the rest of the form and hit generate.
To check whether the certificate chain is correct, you can use the Certificate Chain Check tool to verify the chain.
Generate a chain with 3 or more certificates
If you want to generate a chain that consists of 3 or more certificates, you can use the same steps as mentioned above. Just repeat the steps according to the amount of certificates you want to have in the chain.
Example:
- Root certificate = Signed with own private key and issuer and subject are the same.
- Intermediate certificate #1 = Signed with the private key from the Root certificate and the issuer is the subject of the root certifiate
- End certificate = Signed with the private key from the intermediate certificate and the issuer is the subject of the intermediate certificate