A Forensic Analysis of a Self-Signed Digital Certificate
A digital certificate is defined in the X.509 format and normally contains a trusted public key. To establish that trust, the certificate is signed with the private key of a trusted entity. We can also create a self-signed certificate, where we sign with our own private key. The two main formats for a digital certificate are PEM and DER (a binary form). In this case, we will create an RSA key pair and then create a self-signed certificate. We will sign the certificate with the private key that we create and store the public key within the certificate.
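The PEM/DER relationship and the self-signed property described above can be checked directly from the bytes. The following Python is an added example, not code from the article: it decodes PEM to DER, walks the DER tag-length-value structure and compares the issuer with the subject. The function names and the certificate-shaped sample (dummy key, validity and signature) are constructed for illustration; a matching issuer and subject shows a self-issued certificate, and confirming that it is self-signed additionally requires verifying the signature with the embedded public key.

```python
import base64

def pem_to_der(pem):
    """PEM is the base64 of the DER bytes, wrapped in BEGIN/END lines."""
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: one length byte
        length, start = first, pos + 2
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if first == 0x80 or start + length > len(buf):
        raise ValueError("not DER: indefinite length or element past end of input")
    return tag, start, start + length

def children(buf, start, end):
    """Split a constructed value into its child elements."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def issuer_and_subject(der):
    """Return the raw issuer and subject Name bytes of a DER certificate."""
    _, s, e = read_tlv(der, 0)              # Certificate SEQUENCE
    _, s, e = children(der, s, e)[0]        # tbsCertificate SEQUENCE
    f = children(der, s, e)
    f = f[1:] if f[0][0] == 0xA0 else f     # skip the optional [0] version field
    return der[f[2][1]:f[2][2]], der[f[4][1]:f[4][2]]  # f: serial, sigAlg, issuer, validity, subject

def enc(tag, content=b""):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + content

def sample_pem(issuer_cn, subject_cn):
    """Constructed certificate-shaped PEM: dummy key, validity and signature."""
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d01010b")) + enc(0x05))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + alg
              + name(issuer_cn) + enc(0x30) + name(subject_cn) + enc(0x30))
    der = enc(0x30, tbs + alg + enc(0x03, b"\x00" * 65))
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % base64.encodebytes(der).decode()
```

To apply the same check to a real certificate, read the PEM text from the certificate file and pass it through `pem_to_der` and `issuer_and_subject`.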
Let’s start with a sample run of creating an RSA key pair and an X.509 certificate:
Commands:
rem Create a 512-bit RSA key pair and a self-signed certificate
openssl req -x509 -newkey rsa:512 -sha256 -days 3650 -nodes ^
  -keyout file.key -out file.crt -subj "/CN=example.com" ^
  -addext "subjectAltName = DNS:example.com,DNS:*.example.com,IP:10.0.0.1"
rem Convert the private key and the certificate to DER
openssl rsa -in file.key -out file1.der -outform DER
openssl x509 -in file.crt -out file2.der -outform DER
rem Pass each DER file to xxd
type file1.der | xxd -pr
type file2.der | xxd -pr
-----BEGIN PRIVATE KEY-----
MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA19ishIHxKjHZkeF7
6mLfJ1K6GkFGewc5Z41yFtgOxmEqkKMTT6/JlkwmS5W+RAecdgNRqJ8CBEOvYfQj
Q+P/EQIDAQABAkEAiR8rKdrq/GVC1LwsXpCFN5QEil1hixLh0vk2u3Byom85SGYF
kaYrbVmRFwFd31Gd3eYXsz7W8m61K2XL/Ba26QIhAO7NhA+PqP+zP+CPshGsGlkZ…