@kyledrake
Last active October 22, 2023 12:25
Creating a self-signed SSL certificate, and then verifying it on another Linux machine
# Procedure is for Ubuntu 14.04 LTS.
# Using these guides:
# http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
# https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/
# https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!):
openssl genrsa -aes256 -out ca.key 2048
openssl req -new -x509 -days 7300 -key ca.key -sha256 -extensions v3_ca -out ca.crt
# Generate the domain key:
openssl genrsa -out yoursite.org.key 2048
# Generate the certificate signing request
openssl req -sha256 -new -key yoursite.org.key -out yoursite.org.csr
# Sign the request with your root key
openssl x509 -sha256 -req -in yoursite.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yoursite.org.crt -days 7300
# Check your homework:
openssl verify -CAfile ca.crt yoursite.org.crt
# Add the trusted certificate to the system:
# (update-ca-certificates only picks up files ending in .crt)
sudo cp ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# That's it, add the certificate for your site to the SSL config or whatever and the machine you added the root certificate to will verify correctly.
# BUT I WANTED TO PAY $1500 FOR VERISIGN TO DO THE SAME FUCKING THING!
Cool, send it here instead: 1Q5gek6gZc4E8dREcTkctQNtcb8dmikX1p
@dzhioev

dzhioev commented Jun 15, 2017

Thank you for the great instruction!
There is one critical detail that you forgot to mention: one should not use the same "Common name" for the root and server certificates, otherwise verification would fail with "error 18 at 0 depth lookup:self signed certificate".
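
A pre-flight check for the name collision described in the comment above, given here as an added example that is not part of the gist or of any comment. The helper names (`make_chain`, `subject_differs_from_issuer`, `preflight`), the CA name "Example Root CA" and the throwaway unencrypted keys in a temp directory are assumptions for illustration.

```shell
# Added example, not from the gist. Helper names are hypothetical; keys are
# throwaway and unencrypted. Protect a real ca.key with a passphrase.

# make_chain DIR CA_CN SERVER_CN: the gist's steps, non-interactive via -subj.
make_chain() {
    dir=$1; ca_cn=$2; srv_cn=$3
    mkdir -p "$dir" || return 1
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -days 30 -key "$dir/ca.key" -sha256 \
        -subj "/CN=$ca_cn" -out "$dir/ca.crt" || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -sha256 -new -key "$dir/server.key" \
        -subj "/CN=$srv_cn" -out "$dir/server.csr" || return 1
    openssl x509 -sha256 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" \
        -days 30 2>/dev/null
}

# Returns 0 if subject and issuer differ, 1 if identical, 2 if unreadable.
subject_differs_from_issuer() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subj#subject=}" != "${issr#issuer=}" ]
}

# preflight CA_CRT SERVER_CRT: prints OK, COLLISION, ERROR or UNVERIFIED.
preflight() {
    rc=0; subject_differs_from_issuer "$2" || rc=$?
    [ "$rc" -eq 1 ] && { echo "COLLISION"; return 1; }
    [ "$rc" -ne 0 ] && { echo "ERROR"; return 2; }
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "OK"
    else
        echo "UNVERIFIED"; return 1
    fi
}

# Constructed demo: one chain with distinct names, one with the same name.
work=$(mktemp -d)
make_chain "$work/good" "Example Root CA" "yoursite.org"
echo "distinct names: $(preflight "$work/good/ca.crt" "$work/good/server.crt")"
make_chain "$work/same" "yoursite.org" "yoursite.org"
echo "same name: $(preflight "$work/same/ca.crt" "$work/same/server.crt")"
rm -rf "$work"
```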

@fmquaggio

Excellent! Many thanks!

@rvpanchani

rvpanchani commented Aug 12, 2019

Awesome. Really helpful. Thanks!

@chukie

chukie commented Jun 19, 2021

This gives me an invalid CA authority in Chrome.

@thepraveen19

thepraveen19 commented Feb 20, 2022

Invalid CA authority.
