Created
January 27, 2017 09:43
-
-
Save anonymous/bbf8726a24744de699f160a3ae1e15d5 to your computer and use it in GitHub Desktop.
Guide for creating self-signed development certs using OpenSSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Root-CA: | |
| 1) openssl genrsa -aes256 -out localhost-root-ca.key 4096 | |
| 2) openssl req -out localhost-root-ca.csr -key localhost-root-ca.key -new -sha256 | |
| CN = localhost | |
| -or- | |
| CN = fully qualified domain name | |
| 3) openssl x509 -req -days 3000 -in localhost-root-ca.csr -signkey localhost-root-ca.key -out localhost-root-ca.pem -sha256 | |
| 4) openssl pkcs12 -export -out localhost-root-ca.p12 -inkey localhost-root-ca.key -in localhost-root-ca.pem | |
| - Add Root-CA certificate (either localhost-root-ca.p12 or localhost-root-ca.pem to Trusted Root CA's of the host) | |
| Device: | |
| 5) openssl genrsa -aes256 -out localhost.key 4096 | |
| 6) openssl req -new -key localhost.key -out localhost.csr -sha256 | |
| OU = Local development certificate | |
| CN = localhost | |
| 7) openssl x509 -req -in localhost.csr -CA localhost-root-ca.pem -CAkey localhost-root-ca.key -CAcreateserial -out localhost.pem -days 1000 -sha256 | |
| 8) openssl pkcs12 -export -out localhost.p12 -inkey localhost.key -in localhost.pem -certfile localhost-root-ca.pem | |
| - Add development certificate to Trusted Root CA's of local host. | |
| - For any development servers, utilize the localhost.key and localhost.pem | |
| !! Note that P12 formatted cert contains private key !! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment