@richRemer
Created March 21, 2023 16:06
TLS certificate notes

Create CA

C=US
CN=Example-Root-CA
SUBJ="/C=$C/CN=$CN"

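# -nodes writes ca.key unencrypted, so restrict access to that file
# (OpenSSL 3.0 deprecates -nodes in favour of -noenc)
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "$SUBJ"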

Create CSR

C=US
ST=California
L="San Diego"
O=ACME
CN=example.com
SUBJ="/C=$C/ST=$ST/L=$L/O=$O/CN=$CN"

# generates a new unencrypted 2048-bit RSA key and a CSR for it
openssl req -new -nodes -newkey rsa:2048 -keyout "$CN.key" -out "$CN.csr" -subj "$SUBJ"

Sign CSR

CN=example.com
EXTFILE="
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CN
DNS.2 = *.$CN
"

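# <( ... ) is bash process substitution: the extension text is passed as a file
# -CAcreateserial writes the serial number file ca.srl on first use
openssl x509 -req -sha256 -days 1024 -in "$CN.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -out "$CN.crt" \
  -extfile <( echo "$EXTFILE" )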
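
Verify result

A check of what the three steps above produce, as an added example that is not part of the original gist. `make_sample` and `check_leaf` are hypothetical helper names, all keys and certificates are constructed throwaway material, and the extension text goes through a temporary file instead of process substitution so the script also runs under plain `sh`.

```sh
#!/bin/sh
# Added example, not part of the gist. make_sample and check_leaf are
# hypothetical helper names; all keys and certificates are constructed.

# make_sample DIR CN: repeat the three steps with throwaway 2-day material,
# plus a second leaf signed WITHOUT -extfile to show what the checks catch.
make_sample() {
  d=$1; cn=$2
  openssl req -x509 -nodes -new -sha256 -days 2 -newkey rsa:2048 \
    -keyout "$d/ca.key" -out "$d/ca.crt" -subj "/C=US/CN=Example-Root-CA" 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -keyout "$d/$cn.key" \
    -out "$d/$cn.csr" -subj "/C=US/O=ACME/CN=$cn" 2>/dev/null
  printf '%s\n' "basicConstraints=CA:FALSE" \
    "subjectAltName=DNS:$cn,DNS:*.$cn" > "$d/ext.cnf"
  openssl x509 -req -sha256 -days 2 -in "$d/$cn.csr" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/$cn.crt" \
    -extfile "$d/ext.cnf" 2>/dev/null
  openssl x509 -req -sha256 -days 2 -in "$d/$cn.csr" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/$cn.bare.crt" 2>/dev/null
}

# check_leaf CA_CRT LEAF_CRT LEAF_KEY HOSTNAME: prints "ok" or the first failed check.
check_leaf() {
  text=$(openssl x509 -in "$2" -noout -text 2>/dev/null) || { echo unreadable; return 1; }
  # openssl falls back to the subject CN when no SAN exists; current browsers
  # do not, so require the extension explicitly.
  printf '%s\n' "$text" | grep -q "Subject Alternative Name" || { echo no-san; return 1; }
  # The leaf must not be usable as an issuing CA.
  printf '%s\n' "$text" | grep -q "CA:FALSE" || { echo not-ca-false; return 1; }
  # The private key must pair with the public key in the certificate.
  [ "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$3" -pubout | openssl sha256)" ] || { echo key-mismatch; return 1; }
  # Signature chain to the CA plus hostname match (wildcard SAN included).
  openssl verify -CAfile "$1" -verify_hostname "$4" "$2" >/dev/null 2>&1 \
    || { echo verify-failed; return 1; }
  echo ok
}

tmp=$(mktemp -d)
make_sample "$tmp" example.com
check_leaf "$tmp/ca.crt" "$tmp/example.com.crt" "$tmp/example.com.key" www.example.com
check_leaf "$tmp/ca.crt" "$tmp/example.com.bare.crt" "$tmp/example.com.key" example.com || true
rm -rf "$tmp"
```

The second call reports `no-san`: a leaf signed without the extension file still chains to the CA, which is why the SAN and `CA:FALSE` checks run before `openssl verify`.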