Skip to content

Instantly share code, notes, and snippets.

@kyledrake
Last active October 22, 2023 12:25
Show Gist options
  • Save kyledrake/d7457a46a03d7408da31 to your computer and use it in GitHub Desktop.
Save kyledrake/d7457a46a03d7408da31 to your computer and use it in GitHub Desktop.
Creating a self-signed SSL certificate, and then verifying it on another Linux machine
# Procedure is for Ubuntu 14.04 LTS.
# Using these guides:
# http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
# https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/
# https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!):
openssl genrsa -aes256 -out ca.key 2048
openssl req -new -x509 -days 7300 -key ca.key -sha256 -extensions v3_ca -out ca.crt
# Generate the domain key:
openssl genrsa -out yoursite.org.key 2048
# Generate the certificate signing request
openssl req -sha256 -new -key yoursite.org.key -out yoursite.org.csr
# Sign the request with your root key
openssl x509 -sha256 -req -in yoursite.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yoursite.org.crt -days 7300
# Check your homework:
openssl verify -CAfile ca.crt yoursite.org.crt
# Add the trusted certificate to the system:
sudo cp neocities.ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# That's it, add the certificate for your site to the SSL config or whatever and the machine you added the root certificate to will verify correctly.
# BUT I WANTED TO PAY $1500 FOR VERISIGN TO DO THE SAME FUCKING THING!
Cool, send it here instead: 1Q5gek6gZc4E8dREcTkctQNtcb8dmikX1p
@fmquaggio
Copy link

Excelent! Many thanks!

@rvpanchani
Copy link

rvpanchani commented Aug 12, 2019

awesome. Really helpful. Thanks !

@chukie
Copy link

chukie commented Jun 19, 2021

This gives me a invalid ca authority in chrome

@thepraveen19
Copy link

thepraveen19 commented Feb 20, 2022

Invalid CA authority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment