Skip to content

Instantly share code, notes, and snippets.

@elklein96
Created February 14, 2018 04:32
Show Gist options
  • Save elklein96/a15090f35a41e16bdc8574a7fb81e119 to your computer and use it in GitHub Desktop.
Save elklein96/a15090f35a41e16bdc8574a7fb81e119 to your computer and use it in GitHub Desktop.
A quick guide for creating self-signed certificates using OpenSSL

Creating a Self-Signed Certificate

Prerequisites

  • You'll need to install OpenSSL to create and sign certificates.
    • Linux: sudo apt-get install openssl
    • MacOS: brew install openssl

Getting Started

  1. Create a root key for your new certificate authority

    • openssl genrsa -out root_ca.key 2048
  2. Use the root key to sign a root certificate

    • openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 -out root_ca.pem
  3. Create a private key

    • openssl genrsa -out server.key 2048
  4. Create a certificate signing request

    • When prompted, set the Common Name equal to the IP address or domain name at which your certificate will be found
    • openssl req -new -key server.key -out server.csr
  5. Sign the CSR with your root key and root certificate

    • If you are creating a certificate for an IP address:

      • openssl x509 -req -extfile <(printf "subjectAltName=IP:127.0.0.1") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256
    • If you are creating a certificate for a domain name:

      • openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com") -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
@longansv
Copy link

longansv commented Mar 25, 2024

cp /path/to/root-ca.pem /usr/local/share/ca-certificates
sudo update-ca-certificates
Provides for updating CA (Certificate Authority) certificates on Linux systems

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment