Created
April 15, 2020 20:58
-
-
Save julienbornstein/b9740c528b078fc92b2499a04f23e097 to your computer and use it in GitHub Desktop.
Create a Certificate Authority and self signed your website certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 1. Becoming a Certificate Authority | |
| openssl genrsa -des3 -out ca.key 2048 | |
| openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.pem | |
| # Install the ca.pem in the Keychain app and set "Always Trust" in the trust section | |
| # 2. Creating "CA-Signed" Certificates for our development websites | |
| openssl genrsa -out localhost.key 2048 | |
| openssl req -new -key localhost.key -out localhost.csr | |
| # Edit localhost.ext for SAN configuration | |
| authorityKeyIdentifier=keyid,issuer | |
| basicConstraints=CA:FALSE | |
| keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = localhost | |
| # Sign the certificate | |
| openssl x509 -req -in localhost.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out localhost.crt -days 1825 -sha256 -extfile localhost.ext | |
| # Remove the CSR file | |
| rm localhost.csr | |
| # Need a new dev certificate ? Just restart at step 2. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment