This will start an interactive script which will ask you for various bits of information. openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem The next step is to self-sign this certificate. You can also create a key that is password protected by adding -des3: openssl genrsa -des3 -out rootCA.key 2048 This is the basis of all trust for your certificates, and if someone gets a hold of it, they can generate certificates that your browser will accept. Important note: Keep this private key very private. In the example below, I’m creating a 2048 bit key: openssl genrsa -out rootCA.key 2048 The first step is to create the private root key which only takes one step. Once you do these steps, you’ll end up with a root SSL certificate that you’ll install on all of your desktops, and a private key you’ll use to sign the certificates that get installed on your various devices. Once you do that, every device that you manage via HTTPS just needs to have its own certificate created with the following steps:Ĭreating the root certificate is easy and can be done quickly.
Install root CA on your various workstations.The process for creating your own certificate authority is pretty straight forward: We will be using OpenSSL to create own private certificate authority.
Creating own SSL CA to dump our self-signed certificate
0 kommentar(er)
