cybersecurity thread gain more and more weight and potential to harm your seriously, time to protect your data
asymmetric cryptography enable two parties to communicate securely with eachother, by using a related private and public key, let’s have a lot how to usalize
X.509 is the official standard for public key certificates, secure the access to webbased services or protect access via vpn or wifi – the schema below is my interpretation, or definition @wikipedia

OpenSSL
OpenSSL is a cryptographic tool, open-source, to provide free encryption – jump in to see how easy to generate private security certificates
FIRST generate private key for your certificate authority (ca)
openssl genrsa -out ca.key 4096
create ca certificate from key, fill out the reqired certificate information
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

implement ca certificate in your application/service
NOW create client private key …
openssl genrsa -out /etc/nginx/ssl/key/client_abc.key 1024
… and certificate signing requst (csr)
openssl req -new -key client_abc.key -out client_abc.csr

SIGN the client certificate
openssl x509 -req -days 365 -in client_abc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client_abc.crt
provide client certifcate to used client devices
online/hosted service
CAcert is a comunity-driven and want to push awareness for encryption und education by providing cryptographic certificates
enterprise
several vendor offer pki services – microsoft provide it’s windows server 2008R2 buildin certificate services selfhosted, with network device enrollment service (ndes) for automated client certificate enrollment – others like digicert/globalsign/etc. provide payed hosted services