Created
November 20, 2017 01:33
-
-
Save huobazi/4e83afc39373f5140d3b93dfeae77cda to your computer and use it in GitHub Desktop.
Be your own Certificate Authority
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Kudos to https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/ | |
| # Create the Root Key | |
| # The first step is to create the private root key which only takes one step. | |
| # In the example below, I’m creating a 2048 bit key: | |
| openssl genrsa -out rootCA-key.pem 2048 | |
| # The next step is to self-sign this certificate. | |
| openssl req -x509 -new -nodes -key rootCA-key.pem -sha256 -days 1024 -out rootCA-cert.pem | |
| # Create the certificates | |
| # This is what needs to be installed on each server | |
| # On every device that you wish to install/use a trusted certificate, will need to go through this process. | |
| # First, just like with the root CA step, you’ll need to create a private key (different from the root CA). | |
| openssl genrsa -out device-key.pem 2048 | |
| # Once the key is created, you’ll generate the certificate signing request. | |
| openssl req -new -key device-key.pem -out device-cert.pem | |
| # Once that’s done, you’ll sign the CSR with your CA root key. | |
| openssl x509 -req -in device-cert.pem -CA rootCA-cert.pem -CAkey rootCA-key.pem -CAcreateserial -out device-cert.pem -days 500 -sha256 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment