@kyledrake
Last active November 14, 2025 16:22
Creating a self-signed SSL certificate, and then verifying it on another Linux machine
# Procedure is for Ubuntu 14.04 LTS.
# Using these guides:
# http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
# https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/
# https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!):
openssl genrsa -aes256 -out ca.key 2048
openssl req -new -x509 -days 7300 -key ca.key -sha256 -extensions v3_ca -out ca.crt
# Generate the domain key:
openssl genrsa -out yoursite.org.key 2048
# Generate the certificate signing request
openssl req -sha256 -new -key yoursite.org.key -out yoursite.org.csr
# Sign the request with your root key
openssl x509 -sha256 -req -in yoursite.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yoursite.org.crt -days 7300
# Check your homework:
openssl verify -CAfile ca.crt yoursite.org.crt
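# Add the trusted root certificate to the system (run this on the machine that should trust it;
# the file name must end in .crt for update-ca-certificates to pick it up):
sudo cp ca.crt /usr/local/share/ca-certificates/neocities.ca.crt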
sudo update-ca-certificates
# That's it, add the certificate for your site to the SSL config or whatever and the machine you added the root certificate to will verify correctly.
# BUT I WANTED TO PAY $1500 FOR VERISIGN TO DO THE SAME FUCKING THING!
Cool, send it here instead: 1Q5gek6gZc4E8dREcTkctQNtcb8dmikX1p
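
The same procedure as a non-interactive script, added here as an example and not part of the original gist: it gives the root and the server certificate different Common Names, puts the hostname in a subjectAltName at signing time, and then checks the chain and the hostname together. Assumptions: the subject "Example Root CA", the 365-day leaf lifetime, the private openssl.cnf and the function names make_chain and check_chain are constructed for illustration, and the CA key is left unencrypted (the automated-signing case).

```shell
#!/bin/sh
# Added example, not from the gist. Subjects and file layout are constructed.
set -eu

# Build a root and a leaf in directory $1. The CA key is unencrypted here
# (automated signing); add -aes256 to the first genrsa to protect it.
make_chain() {
    d=$1
    # Private config so the run does not depend on the system openssl.cnf.
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:yoursite.org
EOF
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 7300 -sha256 -key "$d/ca.key" \
        -config "$d/openssl.cnf" -extensions v3_ca \
        -subj "/CN=Example Root CA" -out "$d/ca.crt"
    openssl genrsa -out "$d/yoursite.org.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$d/yoursite.org.key" \
        -config "$d/openssl.cnf" -subj "/CN=yoursite.org" -out "$d/yoursite.org.csr"
    # x509 -req does not copy CSR extensions by default, so the SAN goes in here.
    openssl x509 -req -sha256 -days 365 -in "$d/yoursite.org.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -extfile "$d/openssl.cnf" -extensions leaf \
        -out "$d/yoursite.org.crt" 2>/dev/null
}

# Return 0 only if the leaf's subject differs from its issuer, the leaf
# chains to the root, and the leaf is valid for hostname $2.
check_chain() {
    d=$1; host=$2
    subj=$(openssl x509 -noout -subject -in "$d/yoursite.org.crt" | sed 's/^subject= *//')
    iss=$(openssl x509 -noout -issuer -in "$d/yoursite.org.crt" | sed 's/^issuer= *//')
    [ "$subj" != "$iss" ] || { echo "leaf subject equals issuer" >&2; return 1; }
    openssl verify -CAfile "$d/ca.crt" -verify_hostname "$host" "$d/yoursite.org.crt" >/dev/null 2>&1
}

d=$(mktemp -d) && make_chain "$d" && check_chain "$d" yoursite.org && echo "chain and hostname OK in $d"
```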
@zencircle

Awesome

@coderaaron

Awesome, thank you!

One comment: I think you need to change neocities.ca.crt to yoursite.org.crt on line 25 to match up with the cert created on line 18.

@dzhioev

dzhioev commented Jun 15, 2017

Thank you for the great instruction!
There is one critical detail that you forgot to mention: one should not use the same "Common name" for the root and server certificates, otherwise verification would fail with "error 18 at 0 depth lookup:self signed certificate".

@fmquaggio

Excellent! Many thanks!

@rvpanchani

rvpanchani commented Aug 12, 2019

Awesome. Really helpful. Thanks!

@chukie

chukie commented Jun 19, 2021

This gives me an invalid CA authority in Chrome.

@thepraveen19

thepraveen19 commented Feb 20, 2022

Invalid CA authority.
