Created
October 13, 2019 06:35
Create self-signed SSL Certificate
```bash
#!/bin/bash
# Generate a self-signed certificate and private key in the current directory.
# -nodes leaves the private key unencrypted on disk, so restrict access to the .key file.
# Replace the placeholder values in -subj before running; C must be a two-letter country code.
openssl \
  req \
  -x509 \
  -nodes \
  -days 365 \
  -newkey rsa:2048 \
  -keyout "$PWD/httpd-selfsigned.key" \
  -out "$PWD/httpd-selfsigned.crt" \
  -config openssl.cnf \
  -subj '/C=Example Country/ST=Example State/L=Example City/O=FirstName LastName/OU=/CN=example.dev/[email protected]'

# Print the generated certificate for inspection.
openssl x509 -in httpd-selfsigned.crt -text -noout

# For Chrome on Linux
# https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate
# certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n httpd-selfsigned.crt -i httpd-selfsigned.crt
# certutil -d sql:$HOME/.pki/nssdb -L
```
```ini
[ req ]
#default_bits = 2048
#default_md = sha256
#default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
# With "req -x509" the certificate gets the extensions named by x509_extensions
# (v3_ca below); req_extensions applies only to certificate requests.
req_extensions = v3_req
x509_extensions = v3_ca

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# Hostnames the certificate is valid for; change these to your own domain.
subjectAltName = DNS:example.dev,DNS:*.example.dev
issuerAltName = issuer:copy
```
Steps

1. Copy `create.sh` to somewhere on your server and create `openssl.cnf` in the same directory.
2. Replace `example`/`Example` in the files.
3. Run `create.sh`.

If that did not work, you may need to copy `/etc/ssl/openssl.cnf` on your server and amend it accordingly with the help of Stack Overflow.

How to use it

- `create.sh` generates `httpd-selfsigned.crt` and `httpd-selfsigned.key`, so make your web server (Apache, Nginx, a Node.js program, etc.) refer to them. How to refer to them should be found via Google.
- Your PC needs to have `httpd-selfsigned.crt` installed as a trusted certificate to see the web site named in `create.sh` and `openssl.cnf` (as you should have changed it from `example.dev`).
- If you use Chrome on Linux, the `certutil` command needs to be used to make Chrome refer to `httpd-selfsigned.crt`. Uncomment `certutil` in `create.sh` and run `create.sh`.
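
An added check, not part of the original gist: a shell function that verifies the files `create.sh` writes before the web server is pointed at them. It assumes `openssl` is on the PATH; the function name `check_selfsigned` and its arguments are made up for this example.

```shell
#!/bin/sh
# Added example (not from the gist): sanity-check a self-signed cert/key pair.
# Usage: check_selfsigned CERT KEY HOSTNAME [MIN_DAYS_LEFT]
# Returns 0 when every check passes, 1 otherwise (each failure is printed).
check_selfsigned() {
    cs_crt=$1; cs_key=$2; cs_host=$3; cs_days=${4:-30}
    cs_rc=0

    # 1. The key must belong to the certificate: compare their public keys.
    cs_pub_crt=$(openssl x509 -in "$cs_crt" -noout -pubkey 2>/dev/null)
    cs_pub_key=$(openssl pkey -in "$cs_key" -pubout 2>/dev/null)
    if [ -z "$cs_pub_crt" ] || [ "$cs_pub_crt" != "$cs_pub_key" ]; then
        echo "FAIL: private key does not match certificate"; cs_rc=1
    fi

    # 2. Browsers match the hostname against subjectAltName (set in [ v3_ca ]).
    #    -checkhost reports the result on stdout, so test the text.
    if ! openssl x509 -in "$cs_crt" -noout -checkhost "$cs_host" 2>/dev/null \
            | grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $cs_host"; cs_rc=1
    fi

    # 3. The script issues for 365 days; flag certificates close to expiry.
    if ! openssl x509 -in "$cs_crt" -noout \
            -checkend $((cs_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $cs_days days"; cs_rc=1
    fi

    # 4. -nodes leaves the key unencrypted, so group/other must have no access.
    #    Characters 5-10 of the ls mode string are the group and other bits.
    cs_mode=$(ls -ln "$cs_key" 2>/dev/null | cut -c5-10)
    if [ "$cs_mode" != "------" ]; then
        echo "FAIL: $cs_key is accessible to group or other users"; cs_rc=1
    fi

    return $cs_rc
}
```

For the files from this gist the call would be `check_selfsigned httpd-selfsigned.crt httpd-selfsigned.key example.dev`, with `example.dev` replaced by your own hostname.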