Skip to content

Instantly share code, notes, and snippets.

@retr0h
Last active November 21, 2018 06:40
Show Gist options
  • Save retr0h/11018218 to your computer and use it in GitHub Desktop.
Save retr0h/11018218 to your computer and use it in GitHub Desktop.
self signed cert

Creating a self-signed CA

$ openssl req -new -x509 -nodes -days 365 -out CA.crt -keyout CA.key -subj '/CN=Test CA'
$ openssl req -new -nodes -out cert.req -keyout cert.key -subj '/CN=*.openstack.local'
$ openssl x509 -req -in cert.req -CA CA.crt -CAkey CA.key -CAcreateserial -days 365 -out cert.crt

View the expiration date for an x509 certificate. Unless passing the -days flag when creating the CA cert, it will default to '30', as defined by the default_crl_days option in /etc/ssl/openssl.cnf.

$ openssl x509 -text -in CA.crt

Distributing the new CA

  • Add CA.crt to /usr/local/share/ca-certificates/ to all hosts and run update-ca-certificates.
  • Deploy cert.crt and cert.key to the load balancer and/or web server.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment