Generate an SSL Certificate With the Root Certificate for localhost

The root certificate is trusted now. Let’s issue an SSL certificate to support our local domains — myexample.com, sub.myexample.com, myexample1.com, and localhost for testing.

Create a new OpenSSL configuration file server.csr.cnf so the configurations details can be used while generating the certificate.

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=IN
ST=MP
L=INDORE
O=Tech Forum
OU=Marketing
[email protected]
CN = localhost

Create a v3.ext file with a list of local SAN domains:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost

Create a private key and certificate-signing request (CSR) for the localhost certificate.

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf

This private key is stored on server.key.
Let’s issue a certificate via the root SSL certificate and the CSR created earlier.

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

When it says Enter passphrase for rootCA.key, enter the passphrase used while generating the root key.
The output certificate is stored in a file called server.crt.

If you're stuck anywhere do leave a comment.

Follow me on Twitter at Twitter/pranjaljain0
Follow me on Github at github/pranjaljain0

Happy Hacking!

26