Local Certificate Authority for Self-Signed Certificates


Published:   August 12, 2018

Here we will create a local certificate authority (CA).

  1. Create keys for the CA
  2. Add the CA cert to the trusted keychain.
  3. Certificates signed with the CA's key will now work without issues.
  4. Create new certs
  5. Sign the certs using the CA we created

Commands used:

  • To create the root CA key: openssl genrsa -out rootCA.key 2048

    • To create a password-protected key: openssl genrsa -des3 -out rootCA.key 2048
  • Self-sign the CA certificate: openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

  • Add that cert to the macOS keychain to trust it.

  • Create certificates that are signed by this CA.

    • Create private key: openssl genrsa -out device.key 2048
    • Create CSR: openssl req -new -key device.key -out device.csr
    • Sign the CSR and get the certificate: openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 365 -sha256
    • Now use the private key and the newly created certificate where you have trusted the base (CA) certificate and all will work fine.
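
The same steps run non-interactively, as an added example that is not part of the original post. It goes one step beyond the commands above by giving the leaf certificate a subjectAltName and marking the root as a CA, because the signing command above issues a certificate with no SAN and current browsers match hostnames against the SAN only. The hostname dev.example.test and the ca.cnf and leaf.ext files are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's code. Hostname, ca.cnf and leaf.ext
# are assumptions; key and certificate file names follow the post.

build_local_ca() {  # usage: build_local_ca DIR HOSTNAME
  (
    umask 077   # keys and certs are created owner-only
    cd "$1" &&
    # Own minimal config, so nothing depends on the system openssl.cnf.
    cat > ca.cnf <<EOF &&
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Dev Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # Leaf extensions: not a CA, server auth only, names in subjectAltName.
    cat > leaf.ext <<EOF &&
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2, DNS:localhost, IP:127.0.0.1
EOF
    openssl genrsa -out rootCA.key 2048 2>/dev/null &&
    openssl req -x509 -new -key rootCA.key -sha256 -days 1024 \
      -config ca.cnf -out rootCA.pem &&
    openssl genrsa -out device.key 2048 2>/dev/null &&
    openssl req -new -key device.key -config ca.cnf -subj "/CN=$2" \
      -out device.csr &&
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key \
      -CAcreateserial -out device.crt -days 365 -sha256 \
      -extfile leaf.ext 2>/dev/null
  )
}

check_leaf() {  # 0 only if device.crt chains to rootCA.pem and names HOSTNAME
  openssl verify -CAfile "$1/rootCA.pem" "$1/device.crt" 2>/dev/null |
    grep -q ': OK$' &&
  openssl x509 -in "$1/device.crt" -noout -text | grep -q "DNS:$2"
}

demo=$(mktemp -d)
build_local_ca "$demo" dev.example.test && check_leaf "$demo" dev.example.test &&
  echo "device.crt chains to rootCA.pem and carries its SAN"
```

Only rootCA.pem goes into the keychain; rootCA.key stays on the machine that signs, since anyone holding it can issue certificates that every host trusting this CA will accept.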


Let me know if you have any questions or comments.
It will help me to improve/learn.

