@tsfreitas
Created June 24, 2019 21:29
Localhost self signed certification

How to generate a certificate for testing with HTTPS and HTTP/2

Original article: https://www.novatec-gmbh.de/en/blog/spring-boot-applications-tls-http2/

Root certificate

  1. Creating the root certificate:

         keytool -genkeypair -alias root-ca -keyalg RSA -keysize 3072 -ext BC:c=ca:true -keystore ./root-ca/ca.jks -storepass secret -keypass secret

  2. Exporting the root certificate:

         keytool -exportcert -alias root-ca -keystore ./root-ca/ca.jks -rfc -file ./root-ca/ca.pem -storepass secret

Signed certificate

  1. Creating the server certificate:

         keytool -genkeypair -alias localhost -keyalg RSA -keysize 3072 -dname "CN=com.tsfreitas.client,OU=Development,O=My Organization,C=BR" -ext BC:c=ca:false -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore ./server/server.jks -storepass secret -keypass secret

  2. Creating the certificate signing request (CSR):

         keytool -certreq -alias localhost -keystore ./server/server.jks -file ./server/server.csr -storepass secret -keypass secret

  3. Signing the request with the root CA and exporting the signed certificate. keytool -gencert only sets the extensions given on its own command line, so the basic constraints and SAN from step 1 are repeated here:

         keytool -gencert -alias root-ca -keystore ./root-ca/ca.jks -infile ./server/server.csr -ext BC:c=ca:false -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -rfc -outfile ./server/server.pem -storepass secret -keypass secret

Linking the certificates

  1. Import the root certificate into the server keystore:

         keytool -importcert -noprompt -alias root-ca -keystore ./server/server.jks -file ./root-ca/ca.pem -storepass secret -keypass secret

  2. Import the signed certificate:

         keytool -importcert -noprompt -alias localhost -keystore ./server/server.jks -file ./server/server.pem -storepass secret -keypass secret

Adding the root certificate to Chrome

  1. Open chrome://settings/certificates -> Authorities -> Import and select the file ./root-ca/ca.pem
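
Before pointing a server at ./server/server.jks, the keytool listing for the localhost alias can be checked for the two-certificate chain and the SAN entries that browsers match the host name against. This is an added example, not part of the original gist: the function names and the abridged sample listings are constructed, and keytool's English output is assumed.

```shell
# Added example: checks `keytool -list -v` text (English locale assumed) on stdin.
# Real use: keytool -list -v -alias localhost -keystore ./server/server.jks \
#     -storepass secret | check_listing
check_listing() {
    listing=$(cat)
    problems=""
    # After both -importcert steps the alias holds the key plus a chain of 2.
    printf '%s\n' "$listing" | grep -q '^Entry type: PrivateKeyEntry' ||
        problems="$problems no-private-key"
    printf '%s\n' "$listing" | grep -q '^Certificate chain length: 2' ||
        problems="$problems chain-not-2"
    # Only the leaf, Certificate[1], is matched against the host name.
    leaf=$(printf '%s\n' "$listing" |
        awk '/^Certificate\[1\]:/ {on=1} /^Certificate\[2\]:/ {on=0} on')
    printf '%s\n' "$leaf" | grep -q 'DNSName: localhost' ||
        problems="$problems san-dns-missing"
    printf '%s\n' "$leaf" | grep -q 'IPAddress: 127\.0\.0\.1' ||
        problems="$problems san-ip-missing"
    if [ -n "$problems" ]; then
        echo "FAIL:$problems"
        return 1
    fi
    echo "OK"
}

# Constructed sample listings (abridged, not captured from a real keystore).
sample_signed() {
    cat <<'EOF'
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=com.tsfreitas.client, OU=Development, O=My Organization, C=BR
SubjectAlternativeName [
  DNSName: localhost
  IPAddress: 127.0.0.1
]
Certificate[2]:
Owner: CN=Example Root CA
EOF
}

# Same alias before the signed certificate was imported, and without a SAN.
sample_unsigned() {
    printf '%s\n' 'Alias name: localhost' 'Entry type: PrivateKeyEntry' \
        'Certificate chain length: 1' 'Certificate[1]:' 'Owner: CN=localhost'
}

sample_signed | check_listing
```

A FAIL line names each missing property, so a leaf without SAN entries shows up here rather than as a certificate name error in the browser.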