Issue your own Certificates
Issue your own certificates
We are using the openssl tool.
Set up Certification Authority (CA)
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/CN=My Personal CA" \
-key ca.key \
-out ca.crtSafeguard ca.key with your life. Just kidding. Just make sure it is not scattered around carelessly or easily accessible by you or anyone else.
Prepare Certificate Signing Request (CSR)
openssl genrsa -out webserver.key 2048
openssl req -sha512 -new \
-subj "/CN=webserver.internal" \
-key webserver.key \
-out webserver.csrIf you want to add some Subject Alternative Names (SAN):
openssl genra -out webserver.key 2048
openssl req -sha512 -new \
-subj "/CN=webserver.internal" \
-addext "subjectAltName = DNS:webserver.internal, DNS::monitoring.internal, IP:192.168.100.101"
-key webserver.key \
-out webserver.csrIssue Certificate
openssl x509 -req -sha512 -days 365 \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in webserver.csr \
-out webserver.crt