# Digital Certificate

## Generate your own key pair

- OpenSSL is a widely used open source tool to generate a private and corresponding public key pair.

Generating a private key

```bash
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
```

Create a public key for the above private key

```bash
openssl rsa -pubout -in private.key -out public.key
```

## Create a Certificate Signing Request (CSR)

- A CSR is a certificate signing request, which is sent to a Certificate Authority (CA) to request a digital certificate.

```bash
openssl req -new -key private.key -out certificate.csr
```
- When prompted after running this command, provide details such as:
  - Country Name
  - State or Province Name
  - Locality Name
  - Organization Name
  - Organizational Unit Name
  - Common Name
  - Email Address
- This information will appear in the certificate

## Generate a Self-Signed Certificate

```bash
openssl x509 -req -days 3 -in certificate.csr -signkey private.key -out certificate.crt
```

#### View the Contents of Your Certificate

- Inspect your certificate to understand its contents

```bash
openssl x509 -in certificate.crt -text -noout
```

#### In the content look for
- Subject: Information from the CSR
- Issuer: The CA that issued the certificate; for self-signed certificates, it is the same as the subject
- Validity: The start and expiration date of the certificate
- Public Key: The public key of the certificate
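
The steps above can be checked mechanically. The script below is an added example, not part of the original page: it repeats the commands non-interactively in a temporary directory and confirms that the key, CSR and certificate carry the same public key, that issuer and subject match, that the signature verifies against the certificate's own key, and that the 3-day validity holds. The subject `/CN=localhost` and the function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: consistency checks for the files created in this tutorial.
# The subject "/CN=localhost" is a constructed sample value.

make_material() {            # $1 = directory to create the three files in
    ( cd "$1" &&
      openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048 &&
      openssl req -new -key private.key -out certificate.csr -subj "/CN=localhost" &&
      openssl x509 -req -days 3 -in certificate.csr -signkey private.key \
              -out certificate.crt ) >/dev/null 2>&1
}

same_public_key() {          # key, CSR and certificate must carry one public key
    k=$(openssl rsa -pubout -in "$1/private.key" 2>/dev/null)
    r=$(openssl req -in "$1/certificate.csr" -noout -pubkey 2>/dev/null)
    c=$(openssl x509 -in "$1/certificate.crt" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

issuer_is_subject() {        # expected for a self-signed certificate
    s=$(openssl x509 -in "$1/certificate.crt" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1/certificate.crt" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

signature_self_verifies() {  # signature checks out against the cert's own key
    openssl verify -CAfile "$1/certificate.crt" "$1/certificate.crt" >/dev/null 2>&1
}

valid_for() {                # $2 = seconds from now the cert must still be valid
    openssl x509 -in "$1/certificate.crt" -noout -checkend "$2" >/dev/null 2>&1
}

report() {                   # run every check and print one line per result
    for check in same_public_key issuer_is_subject signature_self_verifies; do
        if "$check" "$1"; then echo "ok    $check"; else echo "FAIL  $check"; fi
    done
    if valid_for "$1" 86400; then echo "ok    valid for 1 more day"; fi
    if ! valid_for "$1" 345600; then echo "note  expires within 4 days (-days 3)"; fi
}

demo_dir=$(mktemp -d)
make_material "$demo_dir" && report "$demo_dir"
rm -rf "$demo_dir"
```

To check files you already created, call `report .` in the directory that holds `private.key`, `certificate.csr` and `certificate.crt`.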


## Use Your Certificate in Practice

- Create a simple HTTPS server
- Use certificate.crt and private.key

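```python
import http.server
import ssl

server_address = ('localhost', 4443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)

# ssl.wrap_socket() was removed in Python 3.12; build an SSLContext instead.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# Load the self-signed certificate and its private key.
context.load_cert_chain(certfile="certificate.crt", keyfile="private.key")
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)

print("Serving on https://localhost:4443")
httpd.serve_forever()
```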
