DEV Community

Authapon Kongkaew
Authapon Kongkaew

Posted on

Generate Self-signed certificate

Create a CA key

openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048
Enter fullscreen mode Exit fullscreen mode

Create a CA certificate

openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt
Enter fullscreen mode Exit fullscreen mode

Create a certificate key

openssl genpkey -algorithm RSA -out self.key -outform PEM -pkeyopt rsa_keygen_bits:2048
Enter fullscreen mode Exit fullscreen mode

Create the self certificate request file

openssl req -new -key self.key -out self.csr
Enter fullscreen mode Exit fullscreen mode

Sign Our CSR With Root CA

Create a text file cert.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1=192.168.100.14
DNS.1=localhost
Enter fullscreen mode Exit fullscreen mode

Create the self certificate, signed from the root CA:

openssl x509 -req -in self.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out self.crt -days 365 -sha256 -extfile cert.ext
Enter fullscreen mode Exit fullscreen mode

Top comments (0)