DEV Community

Pranjal Jain
Pranjal Jain

Posted on • Updated on

Generate an SSL Certificate With the Root Certificate for localhost

The root certificate is trusted now. Let’s issue an SSL certificate to support our local domains —,,, and localhost for testing.

Create a new OpenSSL configuration file server.csr.cnf so the configurations details can be used while generating the certificate.

default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

O=Tech Forum
CN = localhost
Enter fullscreen mode Exit fullscreen mode

Create a v3.ext file with a list of local SAN domains:

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
DNS.1 = localhost
Enter fullscreen mode Exit fullscreen mode

Create a private key and certificate-signing request (CSR) for the localhost certificate.

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
Enter fullscreen mode Exit fullscreen mode

This private key is stored on server.key.
Let’s issue a certificate via the root SSL certificate and the CSR created earlier.

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
Enter fullscreen mode Exit fullscreen mode

When it says Enter passphrase for rootCA.key, enter the passphrase used while generating the root key.
The output certificate is stored in a file called server.crt.

If you're stuck anywhere do leave a comment.

Follow me on Twitter at Twitter/pranjaljain0
Follow me on Github at github/pranjaljain0

Happy Hacking!

Top comments (0)