Levvy055/SSL certificate creation.md

Last active December 21, 2019 14:11

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/Levvy055/a0f1de4396f4d0ac06f60400e6719a92.js"></script>
Save Levvy055/a0f1de4396f4d0ac06f60400e6719a92 to your computer and use it in GitHub Desktop.

Download ZIP

Creates personal CA with root certificate to make certificates for many sites.

Raw

SSL certificate creation.md

Creation of SSL myCAroot signed Certificates

Creation of root CA:

Only do it one time. Root Certificate will be used in creation of other certificates for your sites.

Create private key:

openssl genrsa -des3 -out myCA.key 2048
- enter password to key (used to generate root certificate)
Generate root certificate:

openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
- enter pass phrase (needed to install certificate)
Generated pem file can be imported to system cert registry.
You are now a little CA :D

Creating CA-Signed Certificates for Your Dev Sites

Replace my_website with your site domain name.

Create private KEY

openssl genrsa -out my_website.key 2048
Create CSR

openssl req -new -key my_website.key -out my_website.csr
Generate certificate CRT

You need an ext file! Schema shown below.

openssl x509 -req -in my_website.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out my_website.crt -days 1825 -sha256 -extfile my_website.ext

ext file

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = my_website
DNS.2 = my_website.<my_local_ip>.xip.io

where my_local_ip is your IP address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment