Skip to content

Instantly share code, notes, and snippets.

@risha700

risha700/OPENSSL.MD

Last active July 18, 2021 21:34
Show Gist options
  • Save risha700/ce2ed9f5e845874aa60e14a6ba7f91c4 to your computer and use it in GitHub Desktop.
Save risha700/ce2ed9f5e845874aa60e14a6ba7f91c4 to your computer and use it in GitHub Desktop.
Download ZIP
Generate localhost SSL
Raw
OPENSSL.MD
  1. Create a private key (as Root CA Key), keep this very private
  2. Self-sign a root certificate
  3. Install root CA on your various workstations
  4. Create a CSR(Certificate Signing Request) for each of your authorized needed circumstances(device, server, client, etc.)
  5. Sign CA with root CA Key
# generate a signing key


openssl genrsa -des3 -out rootCA.key 2048


# request a root certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

#DO NOT forget to validate root cert on macos keychain


# Create a key and csr

# request new key from a config file
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )


# Sign them with the rootkey
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

server.csr.cnf

[req]
default_bits=4096
prompt=no
default_md=sha256
distinguished_name=dn

[dn]
C=US
ST=California
L=Long Beach
O=E-LIFEHUB LTD
OU=77
[email protected]
CN=building-crm.mac

v3.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[ alternate_names ]
DNS.1=building-crm.mac
DNS.2=www.building-crm.mac
DNS.3=localhost
IP.1=127.0.0.1
IP.2=192.168.6.102
IP.3=::1

good refrence

https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment