@ghabxph
Last active October 30, 2018 23:19
Create your own Root Certificate Authority

Credits:
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development

Create the CA key first
```
openssl genrsa -des3 -out myCA.key 2048
```
Create your first root CA certificate
```
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
```
Create CA-signed certificates for your dev sites. Generate a private key for the site:
```
openssl genrsa -out your.domain.com.key 2048
```
Then generate a signing request
```
openssl req -new -key your.domain.com.key -out your.domain.com.csr
```
Create a config file named your.domain.com.ext that defines the Subject Alternative Name, which is necessary to specify the domain name of your website:
```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = your.domain.com
DNS.2 = your.domain.com.127.0.0.1.xip.io
```
Generate your site's certificate using your signing request and the configuration you've just created.
```
openssl x509 -req -in your.domain.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out your.domain.com.crt -days 1825 -sha256 -extfile your.domain.com.ext
```
To test things out:
1. Retrieve your root CA PEM file (myCA.pem)
2. Import that PEM file into your trusted root certificate list
2.1. Windows:
2.1.1. Start > mmc
2.1.2. File > Add/Remove Snap-In...
2.1.3. Available snap-ins > Certificates > Click "Add >"
2.1.4. Select "Computer account" > Next > Finish
2.1.5. Click OK
2.1.6. Certificates (Local Computer) > Trusted Root Certification Authorities > Right Click > All Tasks > Import Certificate
2.1.7. Next > Browse to the PEM file (myCA.pem) > Finish
2.1.x. DONE! :)
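
A scripted check of the result, as an added example that is not part of the original gist: it confirms the site certificate chains to the new root, carries the hostname as a SAN entry, and is not itself a CA. The function names `make_demo_pki` and `verify_dev_cert`, the demo passphrase, and the `/CN=` subject names are assumptions made for illustration.

```shell
# make_demo_pki DIR: the steps above, made non-interactive with -subj and
# -passin/-passout. Passphrase and subject names are constructed demo values.
make_demo_pki() {
  ( cd "$1" || exit 1
    pw=pass:demo-only-passphrase
    openssl genrsa -aes256 -passout "$pw" -out myCA.key 2048 &&
    openssl req -x509 -new -key myCA.key -passin "$pw" -sha256 -days 1825 \
      -subj "/CN=Demo Dev Root CA" -out myCA.pem &&
    openssl genrsa -out your.domain.com.key 2048 &&
    openssl req -new -key your.domain.com.key -subj "/CN=your.domain.com" \
      -out your.domain.com.csr &&
    printf '%s\n' \
      'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'subjectAltName = @alt_names' '' '[alt_names]' \
      'DNS.1 = your.domain.com' > your.domain.com.ext &&
    openssl x509 -req -in your.domain.com.csr -CA myCA.pem -CAkey myCA.key \
      -passin "$pw" -CAcreateserial -out your.domain.com.crt -days 1825 \
      -sha256 -extfile your.domain.com.ext
  ) >/dev/null 2>&1
}

# verify_dev_cert CA_PEM LEAF_CRT HOSTNAME: returns 0 only if all checks pass.
verify_dev_cert() {
  ca=$1 leaf=$2 host=$3
  text=$(openssl x509 -in "$leaf" -noout -text) || return 1
  # 1. The leaf's signature chains to this CA.
  openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 ||
    { echo "FAIL: $leaf does not chain to $ca" >&2; return 1; }
  # 2. The hostname is an exact DNS entry in the SAN extension. The subject
  #    CN is deliberately ignored, and wildcard entries are not expanded.
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" ||
    { echo "FAIL: no SAN entry for $host" >&2; return 1; }
  # 3. The leaf cannot act as a CA (basicConstraints from the .ext file).
  printf '%s\n' "$text" | grep -A1 'Basic Constraints' | grep -q 'CA:FALSE' ||
    { echo "FAIL: $leaf is not marked CA:FALSE" >&2; return 1; }
  echo "OK: $leaf chains to $ca and is valid for $host"
}

# Usage against the files produced by the steps above:
#   verify_dev_cert myCA.pem your.domain.com.crt your.domain.com
```

Apple platforms (iOS 13 and macOS 10.15 and later) require TLS server certificates to be valid for 825 days or fewer, so a site certificate issued with `-days 1825` can pass all three checks and still be rejected there.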

ghabxph commented Aug 6, 2018

```
openssl genrsa -out your-domain.com.key 2048
openssl req -new -key your-domain.com.key -out your-domain.com.csr





your-domain.com



echo authorityKeyIdentifier=keyid,issuer                                               > your-domain.com.ext
echo basicConstraints=CA:FALSE                                                        >> your-domain.com.ext
echo keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment   >> your-domain.com.ext
echo subjectAltName = @alt_names                                                      >> your-domain.com.ext
echo                                                                                  >> your-domain.com.ext
echo [alt_names]                                                                      >> your-domain.com.ext
echo DNS.1 = your-domain.com                                               >> your-domain.com.ext
openssl x509 -req -in your-domain.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out your-domain.com.crt -days 1825 -sha256 -extfile your-domain.com.ext
<passphrase>
```


ghabxph commented Oct 8, 2018

```
openssl genrsa -aes256 -passout pass:yourstrongpassword 4096
```
