Skip to content

Instantly share code, notes, and snippets.

@prof3ssorSt3v3

prof3ssorSt3v3/ssl-certificate-commands.txt

Last active March 27, 2025 20:11
Show Gist options
  • Save prof3ssorSt3v3/fab15b677d4a4cc2568f09d477d9c8ac to your computer and use it in GitHub Desktop.
Save prof3ssorSt3v3/fab15b677d4a4cc2568f09d477d9c8ac to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssl-certificate-commands.txt
#This is just a listing of the commands for generating your SSL certificates
#Run these commands one at a time from inside your ~/ssl folder
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder
#private key generation
#This will ask you for a passphrase(password) do NOT lose this file or the password
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048
#create root certificate
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem
#create the private key for the certificate (server.key)
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <(cat server.csr.cnf)
#generate server.crt
openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
#verify that you did everything right
openssl x509 -text -in server.crt -noout
@dereknorton
Copy link

I have the same issue when last command :
Error opening Certificate server.crt
4564059756:error:02FFF002:system library:func(4095):No such file or directory:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/bio/bss_file.c:255:fopen('server.crt', 'r')
4564059756:error:20FFF002:BIO routines:CRYPTO_internal:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/bio/bss_file.c:257:
unable to load certificate

Any help ??

If you are manually typing from the video, notice that he made a typo - it should be rootCA.pem not rootCA.prem - it's fixed on the commands above, but misspelled in the video. Change the extension and you're good to go.

@mochel23
Copy link

I have the same issue:

RMochel@mochelMac ssl % openssl req -new -sha256 -nodes -out /Users/RMochel/ssl/server.csr -newkey rsa:2048 -keyout server.key -config <(cat /Users/RMochel/ssl/server.csr.cnf)
error on line 14 of /dev/fd/11
4543200876:error:0EFFF065:configuration file routines:CRYPTO_internal:missing equal sign:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/conf/conf_def.c:344:line 14
RMochel@mochelMac ssl %

Any feedback wold be appreciated...

@miron9
Copy link

miron9 commented Feb 25, 2021

https://joepaulk.wordpress.com/2020/07/06/error-when-signing-a-csr-using-openssl-on-macos/

@fredjubs
Copy link

Here are the same lines with all corrections

Commands to create SSL locally

#This is just a listing of the commands for generating your SSL certificates
#Run these commands one at a time from inside your ~/ssl folder
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder

#private key generation
#This will ask you for a passphrase(password) do NOT lose this file or the password
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048

#create root certificate
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem

#create the private key for the certificate (server.key)
openssl req -new -sha256 -nodes -out ~/ssl/server.csr -newkey rsa:2048 -keyout ~/ssl/server.key -config <(cat ~/ssl/server.csr.cnf)

#generate server.crt
openssl x509 -req -in ~/ssl/server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out ~/ssl/server.crt -days 500 -sha256 -extfile ~/ssl/v3.ext

#verify that you did everything right
openssl x509 -text -in ~/ssl/server.crt -noout

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment