This script produces self-signed certificate authority and one self-signed certificate. This should be enough for local development (https://localhost
). If you update system-wide ca-certificates
it should work with CLI apps.
Using those five simple steps (optionally seven) you should be able to have a usable self-signed certificate.
- Copy
localhost.ext
andMakefile
anywhere and put them in the same directory. - Adjust
SUBJ
andPASSWD
variables inMakefile
to suit your needs. - Invoke
make install
as root (sudo make install
). - Now it should be possible to import
/etc/ssl/certs/localhostCA.crt
into your browser as anAuthority
certificate (use your browser GUI). - You can use
/etc/ssl/certs/localhost.crt
and/etc/ssl/private/localhost.key
in Nginx or any other web server.
Nginx:
ssl_certificate /etc/ssl/certs/localhost.crt;
ssl_certificate_key /etc/ssl/private/localhost.key;
- (optional) If you need a Diffie-Hellman group in the Nginx, you can call
make /etc/nginx/dhparam.pem
- (optional) If you want to remove the self-signed cert, run
sudo make uninstall
and remove authority certificate from your browser.