self CA
August 27, 2018
Create a self signed CA (Certificate Authority)
Generate private key:
$ openssl genrsa -des3 -out CA.key 4096
To create a private key without password:
$ openssl genrsa -out CA.key 4096
Create a root certificate:
$ openssl req -x509 -new -nodes -key CA.key -sha256 -out CA.pem -subj "/CN=example.com" -days 365
In one single command create the private key and the certificate:
$ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout CA.key -out CA.pem -subj "/CN=myCA.tld" -days 365
Import this cert in your system (trust it)
🔗Create certificates to be signed with your CA:
Create a certificate requests .csr:
$ mkdir example.tld
$ cd example.tld
$ openssl req -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example.csr -subj "/CN=example.tld"
Sign the certificate with the CA:
$ openssl x509 -days 3065 -sha256 -req -in example.csr -CA ../CA.pem -CAkey ../CA.key -set_serial 01 -out example.tld.crt