Last active
April 8, 2018 02:45
-
-
Save mehrdad-shokri/290eaf29e0dea5808e910b8742f366ba to your computer and use it in GitHub Desktop.
Install self signed certificates in ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl genrsa -out key.pem 2048 | |
| #OR if you want encrypted ca | |
| openssl genrsa -de3 -out key.pem 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl req -new -key key.pem -out cert.csr -sha256 -config openssl.cnf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl x509 -req \ | |
| -days 1024 \ | |
| -in cert.csr \ | |
| -signkey key.pem \ | |
| -out cert.crt \ | |
| -extensions req_ext \ | |
| -extfile openssl.cnf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl x509 -in cert.crt -out cert.pem -outform PEM |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Chrome won't allow to import self signed certificates which contain subjectNames directly. So we should do as certtool. | |
| ## Install ``certutil`` | |
| sudo apt-get install libnss3-tools | |
| ## The following command will add the certificate (where YOUR_FILE is your exported file): | |
| certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n cert.pem -i cert.pem | |
| #where cert.pem is the name of your certificate. To see a list of all your certificates and their names use this command: | |
| ## To see if it actually worked, you can list all of your certificates with this command: | |
| certutil -d sql:$HOME/.pki/nssdb -L | |
| ## Removing A Certificate | |
| certutil -D -d sql:$HOME/.pki/nssdb -n cert.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hotel stop | |
| kill node | |
| $kill chrome |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl req -in cert.csr -noout -text | |
| openssl x509 -in cert.pem -noout -text | |
| openssl x509 -in cert.crt -noout -text |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ req ] | |
| default_bits = 4096 | |
| distinguished_name = req_distinguished_name | |
| req_extensions = req_ext | |
| [ req_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = IR | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = Tehran | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Tehran | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = Mehrdad | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_max = 64 | |
| commonName_default = dev.mehi | |
| organizationalUnitName = Orgazization Unit | |
| organizationalUnitName_default = Dev | |
| [ req_ext ] | |
| keyUsage = keyEncipherment, dataEncipherment | |
| extendedKeyUsage = serverAuth | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = dev.mehi | |
| DNS.2 = www.dev.mehi | |
| DNS.3 = *.dev.mehi | |
| DNS.4 = www.*.dev.mehi | |
| DNS.5 = localhost |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1- https://leehblue.com/add-self-signed-ssl-google-chrome-ubuntu-16-04/ | |
| 2- https://stackoverflow.com/questions/4691699/how-to-convert-crt-to-pem | |
| 3- https://gist.github.com/mehrdaad/631772320204eaae9ccf457ec3b004a3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment