Created
February 6, 2022 18:44
-
-
Save dzoladz/ab26fa46326e70b2a3e0475c82adf952 to your computer and use it in GitHub Desktop.
Create Self-Signed SSL Certificates for Local Development
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# --------------------------------------------------------------- | |
# How to create a self-signed SSL Certificate with Subject | |
# Alternative Names(SAN) for local development w/ Chromium | |
# --------------------------------------------------------------- | |
## Step 1: Generate a Private Key | |
```shell | |
openssl genrsa -des3 -out myapp.key 2048 | |
``` | |
## Step 2: Generate a CSR (Certificate Signing Request) | |
```shell | |
openssl req -new -key myapp.key -out myapp.csr | |
``` | |
``` | |
Enter pass phrase for myapp.key: | |
You are about to be asked to enter information that will be incorporated | |
into your certificate request. | |
What you are about to enter is what is called a Distinguished Name or a DN. | |
There are quite a few fields but you can leave some blank | |
For some fields there will be a default value, | |
If you enter '.', the field will be left blank. | |
----- | |
Country Name (2 letter code) [XX]: | |
State or Province Name (full name) []: | |
Locality Name (eg, city) [Default City]: | |
Organization Name (eg, company) [Default Company Ltd]: | |
Organizational Unit Name (eg, section) []: | |
**Common Name (eg, your name or your server's hostname) []:keycloak.derekzoladz.com** | |
Email Address []: | |
Please enter the following 'extra' attributes | |
to be sent with your certificate request | |
A challenge password []: | |
An optional company name []: | |
``` | |
## Step 3: Remove Passphrase from Key | |
```shell | |
cp myapp.key myapp.key.org && openssl rsa -in myapp.key.org -out myapp.key | |
``` | |
## Step 4: Create config file for SAN | |
```shell | |
touch v3.ext | |
``` | |
File content | |
``` | |
subjectKeyIdentifier = hash | |
authorityKeyIdentifier = keyid:always,issuer:always | |
basicConstraints = CA:TRUE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign | |
subjectAltName = DNS:keycloak.derekzoladz.com, DNS:*.derekzoladz.com | |
issuerAltName = issuer:copy | |
``` | |
## Step 5: Generating a Self-Signed Certificate | |
```shell | |
openssl x509 -req -in myapp.csr -signkey myapp.key -out myapp.crt -days 3650 -sha256 -extfile v3.ext | |
``` | |
## Step 6: Get OS X to trust self-signed SSL Certificates | |
- Open up Keychain Access. | |
- Drag your certificate into Keychain Access. | |
- Go into the Certificates section and locate the certificate you just added | |
- Double click on it or right-click and select 'get info', enter the trust section. | |
- Under 'When using this certificate', select **Always Trust** |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment