Last active
January 6, 2025 04:22
-
-
Save petrkutalek/0c242a625bc0d3be209597e982f52513 to your computer and use it in GitHub Desktop.
Making perfect ECDSA self-signed certificate for localhost
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| openssl ecparam -out localhost.key -name secp256r1 -genkey | |
| openssl req -x509 \ | |
| -out localhost.pem -new -key localhost.key -nodes -sha256 -days 30 \ | |
| -subj '/C=CZ/L=Prague/O=Petr Kutalek/OU=projectx/CN=localhost' \ | |
| -extensions EXT -config <( | |
| printf '[dn]\n'; | |
| printf 'CN=localhost\n'; | |
| printf '[req]\n'; | |
| printf 'distinguished_name=dn\n'; | |
| printf '[EXT]\n'; | |
| printf 'subjectAltName=DNS:localhost,IP:127.0.0.1,IP:::1\n'; | |
| printf 'keyUsage=digitalSignature,keyEncipherment\n'; | |
| printf 'extendedKeyUsage=critical,serverAuth\n'; | |
| printf 'basicConstraints=critical,CA:false\n'; | |
| printf 'subjectKeyIdentifier=hash\n'; | |
| printf 'authorityKeyIdentifier=keyid:always\n'; | |
| printf 'certificatePolicies=ia5org,@polsect\n'; | |
| printf '[polsect]\n'; | |
| printf 'policyIdentifier=2.5.29.32.0\n'; | |
| printf 'userNotice.1=@notice\n'; | |
| printf '[notice]\n'; | |
| printf 'explicitText="UTF8:This is just a temporary certificate for develoment and testing purposes."\n'; | |
| ) | |
| openssl x509 -in localhost.pem -text -noout -purpose |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment