Skip to content

Instantly share code, notes, and snippets.

@mazedlx

mazedlx/self_signed_certs_for_wsl.md

Last active January 21, 2019 16:55
Show Gist options
  • Save mazedlx/15811eb8ef3f4185306c533fef624311 to your computer and use it in GitHub Desktop.
Save mazedlx/15811eb8ef3f4185306c533fef624311 to your computer and use it in GitHub Desktop.
Download ZIP
Fucking SSL for fucking WSL development machine
Raw
self_signed_certs_for_wsl.md

Fucking self-signed certs for a fucking WSL development machine using fucking NGINX

Create a fucking CA

Create a fucking private key

$ openssl genrsa -des3 -out myCA.key 2048

Create a fucking root cert

$ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

Add the fucking root cert to the fucking browser

In Chrome, add cert to trusted CAs

Create the fucking SSL cert

Create another fucking private key

$ openssl genrsa -out nginx.key 2048

Create a fucking certficiate signing request (CSR)

$ openssl req -new -key nginx.key -out nginx.csr

Add another fucking file nginx.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = aws.test
DNS.2 = leaflets.test

Create the fucking SSL cert for the fucking webserver

$ openssl x509 -req -in nginx.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out nginx.crt -days 1825 -sha256 -extfile nginx.ext

Add a new fucking host

Add the new host to the ext file. Re-run

$ openssl x509 -req -in nginx.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out nginx.crt -days 1825 -sha256 -extfile nginx.ext

Restart NGINX

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment