
Easy SSL Certificates for Lab Environments

A look at how to create easy SSL certificates for lab environments using a free utility that can be downloaded and configured to spin up a root CA and certs.

In a home lab environment, we often want to test functionality the way we would use it in production. Nowadays, SSL connectivity is for the most part the standard when connecting to any type of web interface or console. For most applications in a home lab, we can live with the certificate warnings the browser presents. At times, however, we want true SSL connectivity without warnings or errors so that applications can be tested properly, and that means provisioning a root CA that can issue multiple certificates. Recently, I was working with a home lab installation of VMware Horizon View and wanted to install a true SSL certificate on the Horizon View Security Server installation. Instead of having to spin up a Windows domain-based PKI or even a Linux PKI of some sort, with all the prerequisites required, I wanted to be able to stand up a quick and dirty CA certificate server and issue certificates from it. Let’s look at a really powerful little free utility that allows easy SSL certificates for lab environments.


I stumbled on a free utility that I think many may benefit from knowing about: the Certificate Management Tool from Real Time Logic, which allows quickly standing up a certificate authority and issuing root certificates as well as server certificates for your resources. It is a nifty little install that provides a web-based wrapper around OpenSSL and a quick and easy way to provision a PKI of sorts for various testing purposes. Let’s look at the installation process.

Installing Certificate Management Tool

The download of the Certificate Management Tool is a single executable, certmgr.install.exe. Running the installer is intuitive and easy, with only a couple of choices such as the installation directory.

Beginning the Certificate Management Tool installation
Browse and choose the installation directory
Directory structure of the Certificate Management Tool after installation
CMD window confirming you want to start the certificate server
The Certificate Management Tool Mako server starts

Creating the Certificate Database and Root Certificate

After a few moments, the Certificate Management Tool will automatically launch a browser with the Create Certificate Database page showing by default. Here we select a DB Name for the certificate database and the type. For type, I chose the RSA Certificate type. The other option is Elliptic Curve Certificate, which is a newer type of certificate that is smaller in size but not as well supported.

Web browser session starts and begins setting up the certificate database

In creating the root certificate, we fill in the usual common information. The main difference with the root certificate is that we can simply place a descriptive phrase in the Common Name field. When finished, click the Create Key & Certificate button.

Create the root certificate for the SSL certificate authority

A summary screen will display. Click the CA Certificate Browser Installation Instructions link to display a page where we can pull down the root certificate.

Choose to download the root certificate

Download the root certificate by clicking the link.

Click the link to download the root certificate

Below, I have downloaded the root certificate and placed it in the root certificates store of the server.

Installing the root certificate on a lab server

Creating a Server Certificate

Now, we can get started creating our server certificates. Click the Create Certificate button on the left to display the form for creating our certificate.

Create a new server certificate

The difference here is that once the certificate is created, we don’t get a download option.

Server certificate is created

The server certificates are created in the profile directory of the user you are running the tool as, under the .certmgr-db directory and then the name of the database you created. The subfolder called keys-and-certs houses the server certificates that are created. There will be a pair of files: a .pem file, which is the certificate, and a .key file, which is the private key.

Server certificates are created in the profile directory of the certificate database

To easily create a .PFX file that contains both the server certificate and the private key, we can run a simple OpenSSL command to combine the two files. Note that installing the Certificate Management Tool also installs OpenSSL in the installation directory, and we can use this to perform the combine operation. Also note below that I received an “unable to write random state” error, which is an OpenSSL error most likely related to permissions even though I am using an administrator prompt. I am still looking into this; however, it did not affect the resulting PFX, which worked perfectly.

openssl pkcs12 -export -in <path to .pem file> -inkey <path to .key file> -out <path of resulting .PFX>
Using OpenSSL to create a PFX file containing the private key
The resulting PFX file along with the source files
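
Before importing a PFX built this way, it is worth confirming that the .key file really belongs to the .pem certificate, that the certificate chains to the lab root, and that the host name is present as a subjectAltName. The script below is an added example, not part of the original post or of the Certificate Management Tool: it builds a throwaway CA and server certificate with plain OpenSSL as constructed stand-ins for the files in keys-and-certs, and the host name horizon.lab.example, the password and all function names are assumptions.

```shell
#!/bin/sh
# Added example; CA, server files, host name and password are all constructed.
set -eu

# Build a throwaway root CA, then a server certificate signed by it.
make_lab_pki() {  # $1 = output directory, $2 = server host name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Lab Root CA (constructed)" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/san.ext" -out "$1/server.pem" 2>/dev/null
}

# True only if the .key file holds the private half of the certificate's key.
key_matches_cert() {  # $1 = certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if the certificate validates against the given root certificate.
chains_to_root() {  # $1 = root certificate, $2 = server certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if the host name appears as a DNS subjectAltName entry.
covers_host() {  # $1 = certificate, $2 = host name
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

# The article's pkcs12 command with the export password taken from the
# environment (no prompt), followed by a read-back to prove the file opens.
make_pfx() {  # $1 = certificate, $2 = private key, $3 = output, $4 = password
  PFX_PASS="$4" openssl pkcs12 -export -in "$1" -inkey "$2" \
    -passout env:PFX_PASS -out "$3" || return 1
  PFX_PASS="$4" openssl pkcs12 -in "$3" -passin env:PFX_PASS -nokeys >/dev/null 2>&1
}

work=$(mktemp -d)
make_lab_pki "$work" horizon.lab.example
key_matches_cert "$work/server.pem" "$work/server.key" && echo "key matches certificate"
chains_to_root "$work/ca.pem" "$work/server.pem" && echo "chains to lab root"
covers_host "$work/server.pem" horizon.lab.example && echo "SAN covers host"
make_pfx "$work/server.pem" "$work/server.key" "$work/server.pfx" constructed-pass \
  && echo "PFX created and readable"
rm -rf "$work"
```

The resulting PFX carries the private key, so the export password and the copies of the .key file left in keys-and-certs deserve the same care as the PFX itself.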

Testing the Easy SSL certificate

After importing the resulting PFX file onto my server, which as mentioned above is a Horizon Security Server, I was able to test the browser session and it worked like a charm. Below are a few screenshots of checking the certificate from the browser as well as viewing the certificate itself along with the certification path.

Chrome reports the SSL certificate is valid
Viewing the resulting certificate
SSL certificate certification path looks good also

Thoughts

The Certificate Management Tool is a great little utility that allows creating easy SSL certificates for lab environments. Using self-signed certificates is okay in most cases in lab environments; however, the Certificate Management Tool allows quickly spinning up your own root CA and issuing certificates for testing, which greatly shortens the process of standing up your own PKI.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
