@samarpanda
Last active May 4, 2023 13:37
Self signed certificate creation using openssl

Man in the middle defense: OpenSSL

  • Generate a private key
openssl genrsa -aes128 \
	-out my-private.key 2048
  • Generate a public key from private key
openssl rsa -pubout \
	-in my-private.key \
	-out my-public.key
  • Make a new certificate signing request
openssl req -new \
	-key my-private.key \
	-out my-request.csr
  • Sign the certificate with your private key
openssl x509 -req -days 3 \
	-in my-request.csr \
	-signkey my-private.key \
	-out my-certificate.crt

Merge files to create the pem file

cat my-certificate.crt my-private.key > my-certificate.pem

Generate certificate & key

  • Create file openssh.conf
[req]
default_bits = 2048
default_keyfile = oats.key
encrypt_key = no
utf8 = yes
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = Cary
L = Cary
O  = BigCompany
CN = *.lvh.me

[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = lvh.me
DNS.2 = *.lvh.me
  • Command to generate app.key & app.crt
openssl req -x509 -sha256 -nodes -days 3 -newkey rsa:2048 -keyout app.key -out app.crt -config openssh.conf
  • Command to generate app.pem
cat app.crt app.key > app.pem
  • Nginx server block using app.pem & app.key
server {
	listen 443 ssl;
	server_name localhost;
	ssl_certificate app.pem;
	ssl_certificate_key app.key;
	location / {
		root html;
		index index.html index.htm;
	}
}
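
A check of what the `openssh.conf` steps above actually issue, as an added example that is not part of the original gist: it generates the certificate in a private temp directory, then confirms that both SAN entries are present, that the key matches the certificate, and that the lifetime is the intended 3 days. The helper function names are this example's own, and `default_keyfile` is omitted because `-keyout` sets the key path.

```shell
# Added example: generate the cert from the gist's config and inspect the result.
# Helper names are hypothetical; the config values are the ones shown above.
make_cert() {  # $1 = output directory; writes openssh.conf, app.key, app.crt
  cat > "$1/openssh.conf" <<'EOF'
[req]
default_bits = 2048
encrypt_key = no
utf8 = yes
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = Cary
L = Cary
O = BigCompany
CN = *.lvh.me

[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = lvh.me
DNS.2 = *.lvh.me
EOF
  openssl req -x509 -sha256 -nodes -days 3 -newkey rsa:2048 \
    -keyout "$1/app.key" -out "$1/app.crt" \
    -config "$1/openssh.conf" 2>/dev/null
}

cert_sans() {  # $1 = certificate; prints its DNS SAN entries, sorted
  openssl x509 -in "$1" -noout -text |
    grep -o 'DNS:[^,[:space:]]*' | LC_ALL=C sort | paste -sd ' ' -
}

key_matches_cert() {  # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

expires_within() {  # $1 = certificate, $2 = seconds; true if expired by then
  ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# mktemp -d creates a directory only the current user can read (key stays private)
dir=$(mktemp -d) && make_cert "$dir" && cert_sans "$dir/app.crt"
```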