@gnilchee
Created August 4, 2017 05:12
Create Your Own CA
ca-config.json

{
  "signing": {
    "default": {
      "expiry": "17520h"
    },
    "profiles": {
      "2yr-server": {
        "expiry": "17520h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "3yr-server": {
        "expiry": "26280h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "5yr-server": {
        "expiry": "43800h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "2y-client": {
        "expiry": "17520h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "3y-client": {
        "expiry": "26280h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "5y-client": {
        "expiry": "43800h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      }
    }
  }
}

ca-csr.json

{
  "CN": "My CA",
  "hosts": [
    "myca.com",
    "www.myca.com"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "ST": "CA",
      "L": "San Francisco"
    }
  ],
  "ca": {
    "expiry": "87600h"
  }
}

host.example.com.json

{
  "CN": "host.example.com",
  "hosts": [
    "host.example.com"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "ST": "CA",
      "L": "Oakland"
    }
  ]
}

Install cfssl

go get -u github.com/cloudflare/cfssl/cmd/cfssl

Install support binaries

go get -u github.com/cloudflare/cfssl/cmd/...

Create CA

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

Sign your first server cert

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=2yr-server host.example.com.json | cfssljson -bare host.example.com
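
What the "2yr-server" profile's usages mean for a relying party, as an added example that is not part of the original gist: this Go program rebuilds the CA and the host certificate with the gist's values using the standard library's crypto/x509 instead of cfssl, then checks that the leaf verifies for server auth on host.example.com but not for client auth or a different host name. The names `issue` and `CheckServerProfile` are hypothetical, and both keys are generated fresh in memory.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue (hypothetical helper) signs tmpl with the parent's key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// CheckServerProfile (hypothetical) mirrors the gist's CA and "2yr-server" leaf, then verifies the leaf.
func CheckServerProfile() (server, client, wrongHost bool, err error) {
	caKey, e1 := rsa.GenerateKey(rand.Reader, 2048)
	leafKey, e2 := rsa.GenerateKey(rand.Reader, 2048)
	if e1 != nil || e2 != nil {
		return false, false, false, fmt.Errorf("keygen: %v / %v", e1, e2)
	}
	start := time.Now().Add(-time.Minute)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "My CA"},
		NotBefore: start, NotAfter: start.Add(87600 * time.Hour), // ca-csr.json "ca" expiry
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "host.example.com"},
		DNSNames: []string{"host.example.com"}, NotBefore: start, NotAfter: start.Add(17520 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}} // profile usages
	if ca, err = issue(ca, ca, &caKey.PublicKey, caKey); err != nil { // self-signed root
		return
	}
	if leaf, err = issue(leaf, ca, &leafKey.PublicKey, caKey); err != nil { // signed with the CA key
		return
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	ok := func(host string, eku x509.ExtKeyUsage) bool {
		_, e := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{eku}})
		return e == nil
	}
	return ok("host.example.com", x509.ExtKeyUsageServerAuth), ok("host.example.com", x509.ExtKeyUsageClientAuth),
		ok("other.example.com", x509.ExtKeyUsageServerAuth), nil
}
func main() { fmt.Println(CheckServerProfile()) }
```

A certificate issued under one of the client profiles would give the opposite result for the first two checks, which is why the server and client profiles are kept separate.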

To see more details on this process

More Information
