creating a self signed ssl certificate and making your browser trust it

This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by Mark Marus

So i needed to make localhost with ssl certificate but couldn't find a way to create a certificate. After a few hours i found the solution. So first of all:
1) openssl genrsa -out rootCA.key 2048
2) openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
After those 2 commands you should get 2 files (rootCA.key & rootCA.pem
3) Now let's create a bash script. I'll name it create_certificate_for_domain.sh
to begin type this lines:

if [ -z "$1" ]
then
  echo "Please supply a subdomain to create a certificate for";
  echo "e.g. mysite.localhost"
  exit;
fi
if [ -f device.key ]; then
  KEY_OPT="-key"
else
  KEY_OPT="-keyout"
fi
DOMAIN=$1
COMMON_NAME=${2:-$1}
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
NUM_OF_DAYS=999


cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext

mv device.csr $DOMAIN.csr
cp device.crt $DOMAIN.crt

rm -f device.crt;

4) create csr file
openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
5) now we have to create a support file with settings. I'll call it v3.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = %%DOMAIN%%
DNS.2 = *.%%DOMAIN%%

5) Now run the script
./create_certificate_for_domain.sh mysite.localhost
6) We get 2 files: mysite.localhost.crt && device.key
7) We have to link them to our localhost (nginx example)

8)open our link in browser. you should get security error
9) go into keychain and trust our mysite.localhost.crt

10) open the browser again and open localhost. That's it, you should be good to go!

This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by Mark Marus

Print Share Comment Cite Upload Translate Updates

APA

Mark Marus | Sciencx (2022-11-05T13:18:13+00:00) creating a self signed ssl certificate and making your browser trust it. Retrieved from https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/

MLA

" » creating a self signed ssl certificate and making your browser trust it." Mark Marus | Sciencx - Saturday November 5, 2022, https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/

HARVARD

Mark Marus | Sciencx Saturday November 5, 2022 » creating a self signed ssl certificate and making your browser trust it., viewed ,<https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/>

VANCOUVER

Mark Marus | Sciencx - » creating a self signed ssl certificate and making your browser trust it. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/

CHICAGO

" » creating a self signed ssl certificate and making your browser trust it." Mark Marus | Sciencx - Accessed . https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/

IEEE

" » creating a self signed ssl certificate and making your browser trust it." Mark Marus | Sciencx [Online]. Available: https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/. [Accessed: ]

rf:citation

» creating a self signed ssl certificate and making your browser trust it | Mark Marus | Sciencx | https://www.scien.cx/2022/11/05/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.