Skip to content

Instantly share code, notes, and snippets.

@johngrimes

johngrimes/generating-local-certs.md

Last active February 6, 2018 22:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save johngrimes/a42ea4237a9c33c163ae77d7099e5c90 to your computer and use it in GitHub Desktop.
Save johngrimes/a42ea4237a9c33c163ae77d7099e5c90 to your computer and use it in GitHub Desktop.
Download ZIP
Generating a local CA and certificates
Raw
generating-local-certs.md

Generating a local CA and certificates

Create this file as [hostname].ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName=@alt_names

[alt_names]
DNS.1=[hostname]

To create the root certificate

openssl genrsa -out [caname].key 2048
openssl req -x509 -new -nodes -key [caname].key -sha256 -days 18250 -out [caname].pem

To create a certificate for a hostname

openssl req -x509 -nodes -days 18250 -newkey rsa:2048 -keyout [hostname].key -out [hostname].crt
openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout [hostname].key -out [hostname].csr
openssl x509 -req -in [hostname].csr -CA [caname].pem -CAkey [caname].key -CAcreateserial -out [hostname].crt -days 18250 -sha256 -extfile [hostname].ext

Package cert and key as p12 and PEM

openssl pkcs12 -export -in [hostname].crt -inkey [hostname].key -out [hostname].p12
openssl pkcs12 -in [hostname].p12 -nodes -out [hostname].pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment