Skip to content

Instantly share code, notes, and snippets.

@JamesMarino

JamesMarino/Root Certificate.md

Last active May 26, 2017 17:06
Show Gist options
  • Save JamesMarino/80d85227c5361dcb421b3dea47aa9eac to your computer and use it in GitHub Desktop.
Save JamesMarino/80d85227c5361dcb421b3dea47aa9eac to your computer and use it in GitHub Desktop.
Download ZIP
Generating Root Certificates
Raw
Root Certificate.md

Root Certificate

The Root CA Certificate

  1. This will create a Root Certificate Authority

openssl genrsa -out rootCA.key 2048

  1. This will sign it

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

The .crt is now the Root Certificate you need to install

  1. Convert PEM to PKCS12 (P12) if neccesary

openssl pkcs12 -export -inkey privateKey.key -in certificate.crt -out certificate.p12

The Servers Certificates

  1. Generate Server Key

openssl genrsa -out server.key 2048

  1. Multiple domains (Note is Mac OSX Specific)

Note - You will need to make a new file

ssl.conf:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = AU
ST = NSW
L = Sydney
O = MyCompany
OU = MyDivision
CN = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.example.com
DNS.2 = another.com
DNS.3 = another.net

[ v3_ca ]
subjectAltName = @alt_names

Then Generate:

openssl req -new -key server.key -out server.csr -config ssl.conf

  1. Sign it with the root certificate we made

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extensions v3_ca -extfile ssl.conf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment