Pranjal Jain

Generate an SSL Certificate With the Root Certificate for localhost

The root certificate is trusted now. Let’s issue an SSL certificate to support our local domains — myexample.com, sub.myexample.com, myexample1.com, and localhost for testing.

Create a new OpenSSL configuration file, server.csr.cnf, so the configuration details can be reused when generating the certificate.

```ini
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=IN
ST=MP
L=INDORE
O=Tech Forum
OU=Marketing
emailAddress=admin@pranjaljain.me
CN = localhost
```

Create a v3.ext file with a list of local SAN domains:

```ini
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
```

Create a private key and certificate-signing request (CSR) for the localhost certificate.

```bash
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
```

The private key is stored in server.key; because of -nodes it is written without passphrase protection.
Let’s issue a certificate using the root SSL certificate and the CSR created above.

```bash
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
```

When it says Enter passphrase for rootCA.key, enter the passphrase used while generating the root key.
The output certificate is stored in a file called server.crt.
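
A post-issuance check for the steps above, as an added example that is not part of the original post: it replays the commands against a constructed, passphrase-less throwaway root in a temp directory (DN shortened to CN only) and verifies chain, SAN, CA:FALSE and key match. `check_leaf` and `build_demo` are hypothetical helper names; the second and third calls show the two failures worth catching, a hostname that v3.ext does not list and a certificate signed without `-extfile v3.ext`.

```shell
#!/bin/sh
# Added example; check_leaf and build_demo are hypothetical helper names.

# check_leaf CA CERT KEY HOST: succeed only if CERT chains to CA, lists HOST
# as a DNS SAN, is marked CA:FALSE, and carries the public key of KEY.
check_leaf() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
    text=$(openssl x509 -in "$2" -noout -text)
    # HOST is used as a regex here, which is good enough for a local check.
    printf '%s\n' "$text" | grep -Eq "DNS:$4(,|[[:space:]]*\$)" \
        || { echo "SAN $4: missing"; return 1; }
    printf '%s\n' "$text" | grep -q "CA:FALSE" || { echo "not CA:FALSE"; return 1; }
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ] \
        || { echo "key mismatch"; return 1; }
    echo "ok"
}

# build_demo DIR: replay the article's commands in DIR against a constructed,
# passphrase-less throwaway root; nosan.crt is signed without -extfile v3.ext.
build_demo() (
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = ca' '[dn]' 'CN = Constructed Test Root' '[ca]' \
        'basicConstraints = critical,CA:TRUE' 'subjectKeyIdentifier = hash' > root.cnf
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 2 \
        -keyout rootCA.key -out rootCA.pem -config root.cnf 2>/dev/null
    printf '%s\n' '[req]' 'default_bits = 2048' 'prompt = no' 'default_md = sha256' \
        'distinguished_name = dn' '[dn]' 'CN = localhost' > server.csr.cnf
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' > v3.ext
    openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 \
        -keyout server.key -config server.csr.cnf 2>/dev/null
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
        -out server.crt -days 2 -sha256 -extfile v3.ext 2>/dev/null
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
        -out nosan.crt -days 2 -sha256 2>/dev/null
)

d=$(mktemp -d) && build_demo "$d"
check_leaf "$d/rootCA.pem" "$d/server.crt" "$d/server.key" localhost
check_leaf "$d/rootCA.pem" "$d/server.crt" "$d/server.key" myexample.com || true
check_leaf "$d/rootCA.pem" "$d/nosan.crt" "$d/server.key" localhost || true
```

To check your real files, call `check_leaf rootCA.pem server.crt server.key localhost` from the directory where you ran the commands.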

If you're stuck anywhere do leave a comment.

Follow me on Twitter at Twitter/pranjaljain0
Follow me on Github at github/pranjaljain0

Happy Hacking!