welcome back guys in this video i will demonstrate you how we can create a key store how we can create our own certificate and how we can sign that certificate using our own certificate authority to proceed with the demo i have already downloaded the open ssl client so i navigate to this particular folder and i'll right click on this open ssl.exe file and i'll run this file as an administrator so that you don't see any issue registering or creating our own certificate which we will be doing via a few commands so i have written those all those commands in a notepad so that i don't have to waste much time on writing those commands in front of you but obviously i will be explaining all those commands so the first command which i am having is this one which i need to run from this open ssl command form so here what i am doing is i have given the path of this cnf file which is required to create my certificate this first command will be used for creating my certificate it will generate a key and the certificate while also specifying the number of days the certificate is valid for so let me just click enter and it will be asking me uh a couple of questions like what will be the password for my certificate so i'll lend them any uh sorry i'll enter any random password now so it is asking for couple of queries which i need to answer whether i'm registering the certificate as an individual user or for a particular organization so right now i'm in india so i can enter any data over here i'm a developer so i'm writing the organizational unit as dev common name can be an individual name or your domain name as well okay so let me write this email address can be anything abc at the atxl.com so my certificate is created now as we can see in the back end the key for the certificate and the certificate itself is generated so this is the key which is generated this is the private key for the certificate actually and this is the public key for the certificate now to sign this certificate which is generated over here i will have to run a few commands from the command prompt instead of ssl utility so i will go to my command prompt and i jump on to my second command which is creating a key store and while creating the key store we also have the luxury to specify which algorithm my keystone certificate should work on since uh so in this case i am using rsa algorithm if you can see the last part hyphen key energy is written so i am specifying the algorithm as rsa and my keystone name is client keystore and the alias name which i am using for my client keystore is client i press enter so it is asking me for some password which i need to give since i am registering my certificate it is asking for the first name and last name any random name i can give for now so here if you say no whatever we have done till now will be closed so if i say yes my certificate will be registered my keystone will be registered so again it is asking me for to enter a password if i want my keystone password to be used uh as the key password then i should simply press enter or i should enter a new password over here so i just clicked on enter without entering any new password now i will go ahead and execute my third command from the command prompt itself so this particular request will generate a csr file for my client keystore keystore which i created in my previous command using my previous command so once i click enter the csr file will be generated after i give the correct password which i have set in my previous step okay now if i check back in the folder my css file should be generated over there so this is the css file which is generated now using that csr file i will execute this fourth command in the open ssl utility so it is asking me for the pass phase which i gave in my first step so this is done coming to the fourth part now in this particular step what i'm going to do is i'm importing the certificate which i have created as i already mentioned my certificate is in ca certificate pem.txt file i'm importing that certificate into my store which i created in the second step so i will enter the password so again it is asking me whenever we are importing any certificate into into the keystone it will ask again and again whether you trust the certificate or not if you say no the certificate will not be added to the keystore if you say yes certificate will be added so now in my last step i will be using the client csr file and the certificate which i have engine already generated i am using that certificate and importing that into my key store so if you can see in this particular folder there is a certificate generated because of the previous step client.cer so this time i am going to add that to my keystore again i need to enter the password so certificate was successfully added into the keystore okay so uh i think you guys might be confused at what we did in the previous step and what is different in this particular step so what we did in the previous step was just adding a certificate to the keystore but in the second step what we did we imported a signed certificate of into the keystore this is what is different from the page system for any queries you guys can post your comments into the comment box and i'll be posting all the comments in along with the video so let me know if you have any doubts so that i can help you and thank you for watching