A lot of times I’ll need to quickly generate an SSL CA and sign some SSL certs. This can be for a variety of reasons. Maybe I need to test out an SSL configuration. Maybe I want to use throwaway SSL connections that aren’t public and don’t matter. Regardless of how it’s used, here’s a fast way to generate a self-signed CA, a private key, a CSR, and finally a signed certificate.
Testing/internal use only. Managing PKI should be done with care.
- Generate the CA key/cert:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=NY/L=NY/O=Me/CN=ca.lab.lan" -keyout CA.key -out CA.crt
- Generate the server key:
openssl genrsa -out server.key 4096
- Generate the CSR:
openssl req -new -subj "/C=US/ST=NY/L=NY/O=Me/CN=server.lab.lan" -key server.key -out server.csr
- Create the signed certificate:
openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365
Doneski. Now you can rapidly test your SSL configurations. I recently used this to play around with SSL and Topbeat for Elasticsearch. Enjoy.
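The four steps above as one script, as an added example that is not from the original post: it runs them in a scratch directory, then checks that the certificate chains to the CA and matches its private key. The `BITS` variable, the function names and the `san.ext` step are assumptions of this example; the SAN is added because `openssl x509 -req` does not copy extensions from the CSR, and current TLS clients match hostnames against subjectAltName rather than the CN.

```shell
#!/bin/sh
# Added example: the page's four steps run in a scratch directory, then checked.
# BITS, san.ext and the function names are assumptions of this example.
BITS="${BITS:-4096}"   # key size used on the page

make_lab_pki() {   # $1 = output directory
    mkdir -p "$1" && (
        cd "$1" || exit 1
        umask 077   # -nodes leaves the keys unencrypted, so keep files owner-only
        openssl req -new -newkey "rsa:$BITS" -days 365 -nodes -x509 \
            -subj "/C=US/ST=NY/L=NY/O=Me/CN=ca.lab.lan" \
            -keyout CA.key -out CA.crt 2>/dev/null &&
        openssl genrsa -out server.key "$BITS" 2>/dev/null &&
        openssl req -new -subj "/C=US/ST=NY/L=NY/O=Me/CN=server.lab.lan" \
            -key server.key -out server.csr &&
        # Not on the page: x509 -req ignores CSR extensions, so supply the SAN here.
        printf 'subjectAltName=DNS:server.lab.lan\n' > san.ext &&
        openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key \
            -CAcreateserial -out server.crt -days 365 -extfile san.ext 2>/dev/null
    )
}

chain_ok() {   # succeeds if server.crt verifies against CA.crt
    openssl verify -CAfile "$1/CA.crt" "$1/server.crt" >/dev/null 2>&1
}

key_matches() {   # succeeds if certificate and private key share one public key
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

has_san() {   # succeeds if the certificate names server.lab.lan in its SAN
    openssl x509 -in "$1/server.crt" -noout -text | grep -q 'DNS:server.lab.lan'
}
```

Run `make_lab_pki ./lab-pki` and then the three checks against the same directory; each returns non-zero on failure.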
Shout out to the links that got me there: