@valkum
Last active April 15, 2021 11:57
Create a local CA that is valid for Browsers using OpenSSL

Create a local CA using OpenSSL

The created CA will be valid for most browsers (if present in your local trust store) and should be accepted by zlint.

Steps

1. Config

Save the ssl.conf somewhere. Replace the values in the req_distinguished_name section with your desired values.

2. Create key and cert

Call openssl (set -config ssl.conf, -key ca.key, and -out ca.crt to appropriate values):

```bash
# ca.key must already exist: -key reads the private key, it does not create it
openssl req -config ssl.conf -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt
```

3. Make sure that the CA is trusted by your application.

This can be done by adding it to your local trust store. How to add it depends on your OS and application. E.g. see here for Debian.

```ini
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ v3_ca ]
keyUsage = critical, keyCertSign,cRLSign,digitalSignature
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
[ req_distinguished_name ]
countryName = DE
localityName = Germany
organizationName = SomeOrg
commonName = Local CA
streetAddress = 123 Street
postalCode = 1234
```
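
Steps 1 and 2 as one script, added here as an example and not part of the original gist: it writes the ssl.conf shown above, generates `ca.key`, self-signs the certificate, and then checks that the extensions requested in `v3_ca` are really in the result. The function names `make_local_ca` and `check_ca_cert`, the 3072-bit RSA key and the refusal to overwrite an existing key are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): build the CA from the gist's ssl.conf,
# then verify the resulting certificate really carries the CA extensions.

# make_local_ca DIR: write ssl.conf, generate ca.key, self-sign ca.crt in DIR.
# The ( ) body runs in a subshell, so umask and variables stay local.
make_local_ca() (
    dir=$1
    umask 077                      # key and config readable by owner only
    mkdir -p "$dir" || exit 1
    [ ! -e "$dir/ca.key" ] || { echo "refusing to overwrite $dir/ca.key" >&2; exit 1; }
    cat > "$dir/ssl.conf" <<'EOF' || exit 1
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ v3_ca ]
keyUsage = critical, keyCertSign,cRLSign,digitalSignature
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
[ req_distinguished_name ]
countryName = DE
localityName = Germany
organizationName = SomeOrg
commonName = Local CA
streetAddress = 123 Street
postalCode = 1234
EOF
    # Key size is an assumption; the gist does not say how ca.key was made.
    openssl genrsa -out "$dir/ca.key" 3072 2>/dev/null || exit 1
    openssl req -config "$dir/ssl.conf" -x509 -new -key "$dir/ca.key" \
        -sha256 -days 1024 -out "$dir/ca.crt"
)

# check_ca_cert FILE: succeed only if FILE has critical basicConstraints CA:TRUE,
# critical keyUsage with certificate signing, and a subject key identifier.
check_ca_cert() (
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || exit 1
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints: critical' |
        grep -q 'CA:TRUE' || exit 1
    printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage: critical' |
        grep -q 'Certificate Sign' || exit 1
    printf '%s\n' "$text" | grep -q 'X509v3 Subject Key Identifier'
)

# Run as: sh make-ca.sh ./my-ca   (sourcing the file only defines the functions)
if [ -n "${1:-}" ]; then
    make_local_ca "$1" && check_ca_cert "$1/ca.crt" && echo "OK: $1/ca.crt"
fi
```

The check only confirms the certificate's structure; step 3, adding `ca.crt` to the trust store, is still needed before an application accepts it.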