35
Generate an SSL Certificate With the Root Certificate for localhost
The root certificate is trusted now. Let’s issue an SSL certificate to support our local domains —
myexample.com
, sub.myexample.com
, myexample1.com
, and localhost
for testing.Create a new OpenSSL configuration file
server.csr.cnf
so the configurations details can be used while generating the certificate.[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=IN
ST=MP
L=INDORE
O=Tech Forum
OU=Marketing
emailAddress=admin@pranjaljain.me
CN = localhost
Create a
v3.ext
file with a list of local SAN domains:authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
Create a private key and certificate-signing request (CSR) for the localhost certificate.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
This private key is stored on
Let’s issue a certificate via the root SSL certificate and the CSR created earlier.
server.key
.Let’s issue a certificate via the root SSL certificate and the CSR created earlier.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
When it says
The output certificate is stored in a file called
Enter passphrase for rootCA.key
, enter the passphrase used while generating the root key.The output certificate is stored in a file called
server.crt
.If you're stuck anywhere do leave a comment.
Happy Hacking!
35