REF: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
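# Generate the CA private key, encrypted under a passphrase that openssl prompts for.
# AES-256 replaces the legacy 3DES cipher (-des3) for protecting the key at rest.
openssl genrsa -aes256 -out myCA.key 2048
# Self-sign the root certificate with that key (SHA-256, valid for 1825 days).
# -nodes has no effect here: the key is supplied with -key, so no new key is written.
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem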
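To install the CA certificate as a trusted root on a Mac, via Terminal (after this, any certificate signed with myCA.key is trusted on this machine, so keep that key and its passphrase private):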
# Add myCA.pem to the System keychain as a trusted root.
#   -d            write to the admin (machine-wide) trust settings, hence sudo
#   -r trustRoot  record the certificate as a trusted root
#   -k            keychain the certificate is stored in
# To undo this later: sudo security remove-trusted-cert -d myCA.pem
sudo security add-trusted-cert \
  -d \
  -r trustRoot \
  -k "/Library/Keychains/System.keychain" \
  myCA.pem
Create a private key.
# Key for the site certificate. No cipher option is given, so the key is written
# unencrypted and file permissions are its only protection.
openssl genrsa -out dev.local.key 2048
Then, create a CSR.
# Build the certificate signing request; with no -subj option openssl prompts for the subject fields.
# The DNS names are not taken from this request: they come from v3.ext at signing time.
openssl req -new -key dev.local.key -out dev.local.csr
jberry@Metaverse ~ % vi v3.ext
jberry@Metaverse ~ % cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = DNS:*.local
jberry@Metaverse ~ %
# Sign the CSR with the local CA. v3.ext supplies the X.509v3 extensions
# (including subjectAltName); -CAcreateserial creates the CA serial file if missing.
openssl x509 -req \
  -in dev.local.csr \
  -CA myCA.pem -CAkey myCA.key -CAcreateserial \
  -extfile v3.ext \
  -sha256 -days 825 \
  -out dev.local.crt
dev.local.key & dev.local.crt are the private key and the signed certificate, respectively.
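To convert the crt to pem (openssl already writes dev.local.crt in PEM encoding by default, so this produces the same certificate under a .pem name):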
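# Write the certificate out again as PEM under a .pem name.
openssl x509 -in dev.local.crt -out dev.local.pem -outform PEM
# Print the decoded certificate to check the subject, validity dates and the
# subjectAltName extension. (The input name was misspelled as dev.loal.pem.)
openssl x509 -text -noout -in dev.local.pem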
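#!/bin/sh
# Issue a certificate for one DNS name, signed by the local development CA.
#
# Usage:   <this script> DOMAIN
# Layout:  runs in ~/certs; reads the CA from ../myCA.pem and ../myCA.key and
#          writes DOMAIN.key, DOMAIN.csr, DOMAIN.ext and DOMAIN.crt there.
# Exit:    1 on a usage error, an unusable DOMAIN or a missing ~/certs;
#          non-zero if any openssl step fails.

# Stop at the first failing command so a failed key or CSR step is never
# followed by a signing step; treat unset variables as errors.
set -eu

if [ "$#" -ne 1 ]
then
  echo "Usage: Must supply a domain" >&2
  exit 1
fi

DOMAIN=$1

# DOMAIN becomes part of four file names and is expanded into the extension
# file below, so accept only hostname characters (plus "*" for wildcards).
# This keeps "/" and a leading "-" out of paths and option values, and keeps
# whitespace or newlines from adding directives to the extension file.
case $DOMAIN in
  '' | -* | *[!A-Za-z0-9.*-]*)
    printf 'Invalid domain: %s\n' "$DOMAIN" >&2
    exit 1
    ;;
esac

# Without this check a failed cd would leave the files in the caller's
# directory and resolve ../myCA.* against the wrong parent.
cd ~/certs || { echo "Cannot change to ~/certs" >&2; exit 1; }

# The site key is written unencrypted, so create it readable by the owner only.
# The umask change is confined to the subshell; the other files keep the default.
(umask 077 && openssl genrsa -out "$DOMAIN.key" 2048)

# openssl prompts for the subject fields; the DNS name itself is carried by
# subjectAltName in the extension file, not by this request.
openssl req -new -key "$DOMAIN.key" -out "$DOMAIN.csr"

# NOTE(review): for a TLS server certificate the key usages could be narrowed
# to digitalSignature, keyEncipherment with extendedKeyUsage = serverAuth
# added. The extension set is left as the author wrote it.
cat > "$DOMAIN.ext" << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

# Sign with the CA; openssl prompts for the CA key passphrase if the key is encrypted.
openssl x509 -req -in "$DOMAIN.csr" -CA ../myCA.pem -CAkey ../myCA.key -CAcreateserial \
  -out "$DOMAIN.crt" -days 825 -sha256 -extfile "$DOMAIN.ext"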