@isutare412
Created September 24, 2022 05:44
Generate self-signed certificates for local development
1. Generate a private key for the local test CA.

```bash
openssl genrsa -out localTestCA.key 2048
```

2. Generate the certificate of the local test CA.

```bash
# Self-signed CA certificate, valid for 3 years; openssl prompts for the subject fields
openssl req -x509 -new -nodes -key localTestCA.key -sha256 -days 1095 -out localTestCA.crt
```

3. Check the certificate of the CA.

```bash
openssl x509 -in localTestCA.crt -text -noout
```

4. Request and retrieve a certificate from the local test CA.

```bash
# Set your test domain
export DOMAIN=localhost

# Generate private key for development
openssl genrsa -out "$DOMAIN.key" 2048

# Generate CSR (Certificate Signing Request)
openssl req -new -key "$DOMAIN.key" -out "$DOMAIN.csr"

# Generate the X.509 extension file, which includes the SAN field
cat > "$DOMAIN.ext" << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

# Sign the CSR using the local test CA
openssl x509 -req -in "$DOMAIN.csr" -CA ./localTestCA.crt -CAkey ./localTestCA.key -CAcreateserial -out "$DOMAIN.crt" -days 365 -sha256 -extfile "$DOMAIN.ext"
```

5. Check the certificate for your development server.

```bash
openssl x509 -in "$DOMAIN.crt" -text -noout
```

6. Register the certificate of the local test CA (`localTestCA.crt`) in the trust store of your OS or browser, NOT the server certificate. Keep `localTestCA.key` private: once the CA is trusted, any certificate signed with that key is trusted too.
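
The text dump in step 5 has to be read by eye. As an added example (not part of the original gist), the script below turns that review into pass/fail checks on the chain, the SAN, the CA flag and the key pair. It regenerates the gist's files non-interactively in a temporary directory; the `-subj` values and the function names `make_fixture` and `check_dev_cert` are assumptions of this example.

```bash
# Added example (not part of the original gist). File names follow the gist;
# the -subj values and the function names are assumptions made for this example.

# Steps 1-4 of the gist, non-interactive, written into directory $1 for host $2.
make_fixture() {
  local dir=$1 host=$2
  openssl genrsa -out "$dir/localTestCA.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$dir/localTestCA.key" -sha256 -days 1095 \
    -subj "/CN=Local Test CA" -out "$dir/localTestCA.crt"
  openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
  openssl req -new -key "$dir/$host.key" -subj "/CN=$host" -out "$dir/$host.csr"
  printf '%s\n' "authorityKeyIdentifier=keyid,issuer" "basicConstraints=CA:FALSE" \
    "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" \
    "subjectAltName = @alt_names" "[alt_names]" "DNS.1 = $host" > "$dir/$host.ext"
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/localTestCA.crt" \
    -CAkey "$dir/localTestCA.key" -CAcreateserial -out "$dir/$host.crt" \
    -days 365 -sha256 -extfile "$dir/$host.ext" 2>/dev/null
}

# check_dev_cert CA_CERT LEAF_CERT LEAF_KEY HOSTNAME; returns 0 only if every check passes.
check_dev_cert() {
  local ca=$1 crt=$2 key=$3 host=$4 text
  text=$(openssl x509 -in "$crt" -noout -text) || return 1
  # 1. The leaf must chain to the local test CA (the certificate clients are told to trust).
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "FAIL: chain"; return 1; }
  # 2. A DNS SAN must be present; browsers ignore the subject CN for name matching.
  printf '%s\n' "$text" | grep -q "DNS:" || { echo "FAIL: no DNS SAN"; return 1; }
  # 3. The requested host name must match the certificate.
  openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match" \
    || { echo "FAIL: host name"; return 1; }
  # 4. The leaf must not be able to act as a CA.
  printf '%s\n' "$text" | grep -q "CA:FALSE" || { echo "FAIL: not CA:FALSE"; return 1; }
  # 5. The private key the server will load must belong to this certificate.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || { echo "FAIL: key mismatch"; return 1; }
  echo "OK: $crt is usable for $host"
}

# Demo on throwaway files in a temporary directory.
demo=$(mktemp -d)
make_fixture "$demo" localhost
check_dev_cert "$demo/localTestCA.crt" "$demo/localhost.crt" "$demo/localhost.key" localhost
rm -rf "$demo"
```

To check files you already created with the steps above, call `check_dev_cert localTestCA.crt "$DOMAIN.crt" "$DOMAIN.key" "$DOMAIN"` from the directory that holds them.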