Last active
March 27, 2025 20:11
-
-
Save prof3ssorSt3v3/fab15b677d4a4cc2568f09d477d9c8ac to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #This is just a listing of the commands for generating your SSL certificates | |
| #Run these commands one at a time from inside your ~/ssl folder | |
| #Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder | |
| #private key generation | |
| #This will ask you for a passphrase(password) do NOT lose this file or the password | |
| openssl genrsa -des3 -out ~/ssl/rootCA.key 2048 | |
| #create root certificate | |
| openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem | |
| #create the private key for the certificate (server.key) | |
| openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <(cat server.csr.cnf) | |
| #generate server.crt | |
| openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext | |
| #verify that you did everything right | |
| openssl x509 -text -in server.crt -noout | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here are the same lines with all corrections
Commands to create SSL locally
#This is just a listing of the commands for generating your SSL certificates
#Run these commands one at a time from inside your ~/ssl folder
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder
#private key generation
#This will ask you for a passphrase(password) do NOT lose this file or the password
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048
#create root certificate
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem
#create the private key for the certificate (server.key)
openssl req -new -sha256 -nodes -out ~/ssl/server.csr -newkey rsa:2048 -keyout ~/ssl/server.key -config <(cat ~/ssl/server.csr.cnf)
#generate server.crt
openssl x509 -req -in ~/ssl/server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out ~/ssl/server.crt -days 500 -sha256 -extfile ~/ssl/v3.ext
#verify that you did everything right
openssl x509 -text -in ~/ssl/server.crt -noout