Skip to content

Instantly share code, notes, and snippets.

@prof3ssorSt3v3

prof3ssorSt3v3/ssl-certificate-commands.txt

Last active March 27, 2025 20:11
Show Gist options
  • Save prof3ssorSt3v3/fab15b677d4a4cc2568f09d477d9c8ac to your computer and use it in GitHub Desktop.
Save prof3ssorSt3v3/fab15b677d4a4cc2568f09d477d9c8ac to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssl-certificate-commands.txt
#This is just a listing of the commands for generating your SSL certificates
#Run these commands one at a time from inside your ~/ssl folder
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder
#private key generation
#This will ask you for a passphrase(password) do NOT lose this file or the password
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048
#create root certificate
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem
#create the private key for the certificate (server.key)
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <(cat server.csr.cnf)
#generate server.crt
openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
#verify that you did everything right
openssl x509 -text -in server.crt -noout
@miron9
Copy link

miron9 commented Feb 25, 2021

https://joepaulk.wordpress.com/2020/07/06/error-when-signing-a-csr-using-openssl-on-macos/

@fredjubs
Copy link

Here are the same lines with all corrections

Commands to create SSL locally

#This is just a listing of the commands for generating your SSL certificates
#Run these commands one at a time from inside your ~/ssl folder
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder

#private key generation
#This will ask you for a passphrase(password) do NOT lose this file or the password
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048

#create root certificate
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem

#create the private key for the certificate (server.key)
openssl req -new -sha256 -nodes -out ~/ssl/server.csr -newkey rsa:2048 -keyout ~/ssl/server.key -config <(cat ~/ssl/server.csr.cnf)

#generate server.crt
openssl x509 -req -in ~/ssl/server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out ~/ssl/server.crt -days 500 -sha256 -extfile ~/ssl/v3.ext

#verify that you did everything right
openssl x509 -text -in ~/ssl/server.crt -noout

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment