Skip to content

Instantly share code, notes, and snippets.

@exAspArk
Last active November 16, 2024 09:47
Show Gist options
  • Save exAspArk/f738f0771e2675e7f4c3b5d11403efd8 to your computer and use it in GitHub Desktop.
Save exAspArk/f738f0771e2675e7f4c3b5d11403efd8 to your computer and use it in GitHub Desktop.
Self-signed SSL Certificate with OpenSSL on MacOS | MongoDB
openssl genrsa -out CAroot.key 2048
openssl req -new -key CAroot.key -out CAroot.csr # CN should be different from the certificates below
openssl req -x509 -days 1825 -key CAroot.key -in CAroot.csr -out CAroot.crt
cat CAroot.crt CAroot.key > CAroot.pem
openssl genrsa -out mongod.key 2048
openssl req -new -key mongod.key -out mongod.csr
openssl x509 -req -days 1825 -in mongod.csr -CA CAroot.pem -CAkey CAroot.key -CAcreateserial -out mongod.crt
cat mongod.crt mongod.key > mongod.pem
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 1825 -in client.csr -CA CAroot.pem -CAkey CAroot.key -CAcreateserial -out client.crt
cat client.crt client.key > client.pem
mongo --ssl --sslCAFile CAroot.pem --sslPEMKeyFile client.pem --authenticationDatabase production -u user -p password --host mongo.host --port 27018
# install new OpenSSL
brew install openssl
# generate private key and enter pass phrase
openssl genrsa -des3 -out private_key.pem 2048
# create certificate signing request, enter "*.example.com" as a "Common Name", leave "challenge password" blank
openssl req -new -sha256 -key private_key.pem -out server.csr
# generate self-signed certificate for 1 year
openssl req -x509 -sha256 -days 365 -key private_key.pem -in server.csr -out server.pem
# validate the certificate
openssl req -in server.csr -text -noout | grep -i "Signature.*SHA256" && echo "All is well" || echo "This certificate doesn't work in 2017! You must update OpenSSL to generate a widely-compatible certificate"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment