Create self signed root CA, intermediate and leaf cert
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash' | |
openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA' | |
# -- Intermediate.ext -- | |
cat <<EOF > Intermediate.ext | |
authorityKeyIdentifier=keyid,issuer | |
subjectKeyIdentifier=hash | |
basicConstraints=CA:TRUE | |
keyUsage = digitalSignature, keyCertSign | |
EOF | |
openssl x509 -req -in Intermediate.csr -CA Root.pem -CAkey Root.key -CAcreateserial -out Intermediate.pem -days 365 -sha256 -extfile Intermediate.ext | |
# Leaf Cert | |
openssl req -new -nodes -out Leaf.csr -newkey rsa:2048 -keyout Leaf.key -subj '/CN=user/emailAddress=user@local' | |
# -- Leaf.ext -- | |
cat <<EOF > Leaf.ext | |
authorityKeyIdentifier=keyid | |
subjectKeyIdentifier=hash | |
keyUsage = digitalSignature,nonRepudiation, keyEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
otherName=msUPN;UTF8:user@local | |
email=user@local | |
EOF | |
openssl x509 -req -in Leaf.csr -CA Intermediate.pem -CAkey Intermediate.key -CAcreateserial -out Leaf.pem -days 365 -sha256 -extfile Leaf.ext |