ghabxph/create-your-own-root-certificate-authority.txt

## create-your-own-root-certificate-authority.txt
Credits:
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development

Create key first
openssl genrsa -des3 -out myCA.key 2048

Create your first root CA
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

Create a CA signed certificates for your dev sites
openssl genrsa -out your.domain.com.key 2048

Then generate a signing request
openssl req -new -key your.domain.com.key -out your.domain.com.csr

Create a config file that defines Subject Alternative Name, necessary to specify the domain name of your website
your.domain.com.ext
```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = your.domain.com
DNS.2 = your.domain.com.127.0.0.1.xip.io
```

Generate your site's certificate using your signing request, and the configuration you've just created.
openssl x509 -req -in your.domain.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out your.domain.com.crt -days 1825 -sha256 -extfile your.domain.com.ext


To test things out:
1. Retrieve your root ca pem file (myCA.pem)
2. Import that pem file on your trust root certificate list
    2.1. Windows:
        2.1.1. Start > mmc
        2.1.2. File > Add/Remove Snap-In...
        2.1.3. Available snap-ins > Certificates > Click "Add >"
        2.1.4. Select "Computer account" > Next > Finish
        2.1.5. Click OK
        2.1.6. Certificates (Local Computer) > Trusted Root Certification Authorities
               > Right Click > All Tasks > Import Certificate
        2.1.7. Next > Browse on the PEM file (myCA.pem) > Finish
        2.1.x. DONE! :)
	Credits:
	https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development

	Create key first
	openssl genrsa -des3 -out myCA.key 2048

	Create your first root CA
	openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

	Create a CA signed certificates for your dev sites
	openssl genrsa -out your.domain.com.key 2048

	Then generate a signing request
	openssl req -new -key your.domain.com.key -out your.domain.com.csr

	Create a config file that defines Subject Alternative Name, necessary to specify the domain name of your website
	your.domain.com.ext
	```
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = your.domain.com
	DNS.2 = your.domain.com.127.0.0.1.xip.io
	```

	Generate your site's certificate using your signing request, and the configuration you've just created.
	openssl x509 -req -in your.domain.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
	-out your.domain.com.crt -days 1825 -sha256 -extfile your.domain.com.ext


	To test things out:
	1. Retrieve your root ca pem file (myCA.pem)
	2. Import that pem file on your trust root certificate list
	2.1. Windows:
	2.1.1. Start > mmc
	2.1.2. File > Add/Remove Snap-In...
	2.1.3. Available snap-ins > Certificates > Click "Add >"
	2.1.4. Select "Computer account" > Next > Finish
	2.1.5. Click OK
	2.1.6. Certificates (Local Computer) > Trusted Root Certification Authorities
	> Right Click > All Tasks > Import Certificate
	2.1.7. Next > Browse on the PEM file (myCA.pem) > Finish
	2.1.x. DONE! :)