The root certificate is trusted now. Let's issue an SSL certificate to support our local domains (myexample.com, sub.myexample.com, myexample1.com, and localhost) for testing.
Create a new OpenSSL configuration file, server.csr.cnf, so the configuration details can be reused while generating the certificate.
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=IN
ST=MP
L=INDORE
O=Tech Forum
OU=Marketing
emailAddress=admin@pranjaljain.me
CN = localhost
Create a v3.ext file with a list of local SAN domains:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
Create a private key and certificate-signing request (CSR) for the localhost certificate.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
The private key is stored in server.key.
Let’s issue a certificate via the root SSL certificate and the CSR created earlier.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
When it says Enter passphrase for rootCA.key, enter the passphrase used while generating the root key.
The output certificate is stored in a file called server.crt.
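Browsers match the requested hostname against the certificate's subjectAltName entries rather than the CN, and the v3.ext above lists only localhost while the introduction names four hosts. The following shell lint is an added example, not part of the original post: it reads the [alt_names] section of an extension file and reports which intended hostnames no entry covers. The function names san_entries and missing_sans are hypothetical, and the sample file is constructed from the v3.ext on this page.

```shell
#!/bin/sh
# san_entries FILE: print the DNS values under [alt_names], lower-cased.
san_entries() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[[ \t]*alt_names[ \t]*\]/); next }
        in_sec && /^[ \t]*DNS\.[0-9]+[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print tolower($0)
        }' "$1"
}

# missing_sans FILE HOST...: print each HOST that no SAN entry covers.
# Returns 1 if any host is missing, 0 otherwise.
missing_sans() {
    ext_file=$1; shift
    sans=$(san_entries "$ext_file")
    rc=0
    for host in "$@"; do
        h=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        covered=no
        while IFS= read -r san; do
            case $san in
                "$h") covered=yes ;;
                \*.*)  # a wildcard covers exactly one left-most label
                    rest=${h#*.}
                    if [ "$h" != "$rest" ] && [ ".$rest" = "${san#\*}" ]; then
                        covered=yes
                    fi ;;
            esac
        done <<EOF
$sans
EOF
        [ "$covered" = yes ] || { printf '%s\n' "$host"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the SAN part of the v3.ext shown on this page.
ext=$(mktemp)
cat > "$ext" <<'EOF'
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
EOF
if missing=$(missing_sans "$ext" myexample.com sub.myexample.com myexample1.com localhost); then
    echo "all names covered"
else
    printf 'not in [alt_names]:\n%s\n' "$missing"
fi
rm -f "$ext"
```

Each reported name needs its own DNS.n line in v3.ext before the signing command is run. After signing, `openssl x509 -in server.crt -noout -checkhost myexample.com` confirms what the issued certificate actually covers.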
If you're stuck anywhere do leave a comment.
Follow me on Twitter at Twitter/pranjaljain0
Follow me on Github at github/pranjaljain0
Happy Hacking!