Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Creating a Self-Signed Certificate
- ## Prerequisites
- - You'll need to install OpenSSL to create and sign certificates.
- - Linux: `sudo apt-get install openssl`
- - MacOS: `brew install openssl`
- ## Getting Started
- 1. Create a root key for your new certificate authority
- - `openssl genrsa -out root_ca.key 2048`
- 2. Use the root key to sign a root certificate
- - `openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 -out root_ca.pem`
- 3. Create a private key
- - `openssl genrsa -out server.key 2048`
- 4. Create a certificate signing request
- - When prompted, set the Common Name equal to the IP address or domain name at which your certificate will be found
- - `openssl req -new -key server.key -out server.csr`
- 5. Sign the CSR with your root key and root certificate
- - If you are creating a certificate for an IP address:
- - `openssl x509 -req -extfile <(printf "subjectAltName=IP:127.0.0.1") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256`
- - If you are creating a certificate for a domain name:
- - `openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com") -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256`
Add Comment
Please, Sign In to add comment