Last active
October 22, 2023 12:25
-
-
Save kyledrake/d7457a46a03d7408da31 to your computer and use it in GitHub Desktop.
Creating a self-signed SSL certificate, and then verifying it on another Linux machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Procedure is for Ubuntu 14.04 LTS. | |
# Using these guides: | |
# http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/ | |
# https://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/ | |
# https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/ | |
# Generate the root (GIVE IT A PASSWORD IF YOU'RE NOT AUTOMATING SIGNING!): | |
openssl genrsa -aes256 -out ca.key 2048 | |
openssl req -new -x509 -days 7300 -key ca.key -sha256 -extensions v3_ca -out ca.crt | |
# Generate the domain key: | |
openssl genrsa -out yoursite.org.key 2048 | |
# Generate the certificate signing request | |
openssl req -sha256 -new -key yoursite.org.key -out yoursite.org.csr | |
# Sign the request with your root key | |
openssl x509 -sha256 -req -in yoursite.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yoursite.org.crt -days 7300 | |
# Check your homework: | |
openssl verify -CAfile ca.crt yoursite.org.crt | |
# Add the trusted certificate to the system: | |
sudo cp neocities.ca.crt /usr/local/share/ca-certificates/ | |
sudo update-ca-certificates | |
# That's it, add the certificate for your site to the SSL config or whatever and the machine you added the root certificate to will verify correctly. | |
# BUT I WANTED TO PAY $1500 FOR VERISIGN TO DO THE SAME FUCKING THING! | |
Cool, send it here instead: 1Q5gek6gZc4E8dREcTkctQNtcb8dmikX1p |
Awesome, thank you!
One comment, I think you need to change neocities.ca.crt
to yoursite.org.crt
on line 25 to match up with the cert created on line 18
Thank you for the great instruction!
There is one critical detail that you forgot to mention: one should not use the same "Common name" for the root and server certificates, otherwise verification would fail with "error 18 at 0 depth lookup:self signed certificate".
Excelent! Many thanks!
awesome. Really helpful. Thanks !
This gives me a invalid ca authority in chrome
Invalid CA authority.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Awesome