Creating a self-signed SSL certificate, and then verifying it on another Linux machine
# Procedure is for Ubuntu 14.04 LTS.
# Using these guides:
# http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
# https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/
# https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!):
openssl genrsa -aes256 -out ca.key 2048
openssl req -new -x509 -days 7300 -key ca.key -sha256 -extensions v3_ca -out ca.crt
# Generate the domain key:
openssl genrsa -out yoursite.org.key 2048
# Generate the certificate signing request
openssl req -sha256 -new -key yoursite.org.key -out yoursite.org.csr
# Sign the request with your root key
openssl x509 -sha256 -req -in yoursite.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yoursite.org.crt -days 7300
# Check your homework:
openssl verify -CAfile ca.crt yoursite.org.crt
# Add the trusted certificate to the system:
sudo cp ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# That's it, add the certificate for your site to the SSL config or whatever and the machine you added the root certificate to will verify correctly.
# BUT I WANTED TO PAY $1500 FOR VERISIGN TO DO THE SAME FUCKING THING!
Cool, send it here instead: 1Q5gek6gZc4E8dREcTkctQNtcb8dmikX1p
@zencircle

commented Feb 15, 2017

Awesome

@coderaaron

commented Mar 30, 2017

Awesome, thank you!

One comment, I think you need to change neocities.ca.crt to yoursite.org.crt on line 25 to match up with the cert created on line 18

@dzhioev

commented Jun 15, 2017

Thank you for the great instruction!
There is one critical detail that you forgot to mention: one should not use the same "Common name" for the root and server certificates, otherwise verification would fail with "error 18 at 0 depth lookup:self signed certificate".
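
The Common Name collision described in the comment above, as an added example that is not part of the gist or its comments: `make_pair` repeats the gist's steps non-interactively, and `check_chain` compares the two subjects itself before calling `openssl verify`, rather than relying on the verify error text. The function names, subject strings and 30-day validity are assumptions made for this example.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificate in a temp directory.
# Subject names are constructed sample values; 30-day validity is arbitrary.

# make_pair DIR CA_SUBJECT LEAF_SUBJECT: the gist's steps, with -subj in place
# of the prompts. The CA key is unencrypted only because it is disposable.
make_pair() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -key "$1/ca.key" -sha256 \
        -subj "$2" -out "$1/ca.crt" &&
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null &&
    openssl req -sha256 -new -key "$1/site.key" -subj "$3" \
        -out "$1/site.csr" &&
    openssl x509 -sha256 -req -in "$1/site.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/site.crt" \
        -days 30 2>/dev/null
}

# check_chain CA_CERT LEAF_CERT: succeeds only if the two subjects differ
# and the leaf verifies against the CA.
check_chain() {
    ca_subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    leaf_subj=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253) || return 2
    if [ "$ca_subj" = "$leaf_subj" ]; then
        echo "CA and server certificate share $leaf_subj" >&2
        return 1
    fi
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo CA_SUBJECT LEAF_SUBJECT: prints "ok" or "rejected" on stdout.
demo() {
    tmp=$(mktemp -d) || return 2
    if make_pair "$tmp" "$1" "$2" && check_chain "$tmp/ca.crt" "$tmp/site.crt"; then
        echo ok
    else
        echo rejected
    fi
    rm -rf "$tmp"
}

# Distinct subjects for root and server, then the colliding case.
demo "/O=Example Lab/CN=Example Lab Root CA" "/O=Example Lab/CN=yoursite.org"
demo "/CN=yoursite.org" "/CN=yoursite.org"
```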

@fmquaggio

commented Jan 9, 2019

Excellent! Many thanks!

@rvpanchani

commented Aug 12, 2019

Awesome. Really helpful. Thanks!
