@chibaye
Forked from elklein96/self_signed_certs.md
Created February 21, 2024 12:31
A quick guide for creating self-signed certificates using OpenSSL

Creating a Self-Signed Certificate

Prerequisites

  • You'll need to install OpenSSL to create and sign certificates.
    • Linux: sudo apt-get install openssl
    • macOS: brew install openssl

Getting Started

  1. Create a root key for your new certificate authority

    • openssl genrsa -out root_ca.key 2048
  2. Use the root key to sign a root certificate

    • openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 -out root_ca.pem
  3. Create a private key

    • openssl genrsa -out server.key 2048
  4. Create a certificate signing request

    • When prompted, set the Common Name to the IP address or domain name at which the server using this certificate will be reached
    • openssl req -new -key server.key -out server.csr
  5. Sign the CSR with your root key and root certificate

    • If you are creating a certificate for an IP address:

      • openssl x509 -req -extfile <(printf "subjectAltName=IP:127.0.0.1") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256
    • If you are creating a certificate for a domain name:

      • openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256
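
The five steps above as one non-interactive function, followed by the check a TLS client performs: the chain must build to root_ca.pem and the subjectAltName must cover the name being connected to. This is an added example, not part of the original gist; the function name make_and_verify, the CA subject "Example Test Root CA" and the san.ext file are assumptions, and it works in a throwaway directory.

```shell
#!/bin/sh
# Added example (not from the gist): run steps 1-5 non-interactively in a
# throwaway directory, then check the result the way a TLS client would.
# make_and_verify and the "Example Test Root CA" subject are assumed names.
#   $1 = SAN to issue, e.g. DNS:example.com or IP:127.0.0.1
#   $2 = name or address a client will connect to
make_and_verify() {
    san=$1
    peer=$2
    case $san in
        IP:*) check=-verify_ip ;;        # match against an iPAddress SAN
        *)    check=-verify_hostname ;;  # match against a dNSName SAN
    esac
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 077   # keep the private keys owner-readable only
        # Steps 1-2: root key and self-signed root certificate
        openssl genrsa -out root_ca.key 2048 2>/dev/null &&
        openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 \
            -subj "/CN=Example Test Root CA" -out root_ca.pem &&
        # Steps 3-4: server key and CSR (-subj answers the Common Name prompt)
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -subj "/CN=${san#*:}" -out server.csr &&
        # Step 5: SAN from a file instead of <(...), which plain sh lacks
        printf 'subjectAltName=%s\n' "$san" > san.ext &&
        openssl x509 -req -extfile san.ext -in server.csr -CA root_ca.pem \
            -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 \
            -sha256 2>/dev/null &&
        # Check: chain builds to root_ca.pem and the SAN covers $peer
        openssl verify -CAfile root_ca.pem "$check" "$peer" server.crt \
            >/dev/null 2>&1
    ) && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}
# Usage: make_and_verify DNS:example.com example.com && echo "chain and name OK"
```

A non-zero return means either a signing step failed or the issued certificate does not cover the name passed as the second argument.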