Skip to content

Instantly share code, notes, and snippets.

@valkum

valkum/README.md

Last active April 15, 2021 11:57
Show Gist options
  • Save valkum/8ea639e9e35b8e2a3e9b4cb3917d685b to your computer and use it in GitHub Desktop.
Save valkum/8ea639e9e35b8e2a3e9b4cb3917d685b to your computer and use it in GitHub Desktop.
Download ZIP
Create a local CA that is valid for Browsers using OpenSSL
Raw
README.md

Create a local CA using OpenSSL

The created CA will be valid for most browsers (if present in your local trust store) and should be accepted by zlint.

Steps

1. Config

Save the ssl.conf somewhere Replace the values in the req_distinguished_name part with your desired values.

2. Create key and cert

Call openssl: (Set -config ssl.conf, -key ca.key, and -out ca.crt to appropiate values)

bash# openssl req -config ssl.conf -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt

3. Make sure that the CA is trusted by your application.

This can be done by adding it to your local trust store. How to add this depends on your OS and application. E.g. see here for debian

Raw
ssl.conf
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ v3_ca ]
keyUsage = critical, keyCertSign,cRLSign,digitalSignature
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
[ req_distinguished_name ]
countryName = DE
localityName = Germany
organizationName = SomeOrg
commonName = Local CA
streetAddress = 123 Street
postalCode = 1234
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment