A lot of times I’ll need to quickly generate an SSL CA and sign some SSL certs. This can be for a variety of reasons. Maybe I need to test out an SSL configuration. Maybe I want to use throw away SSL connections that aren’t public and don’t matter. Regardless on how it’s used, here’s a fast way to generate a self-signed CA, a private key, a CSR, and finally a signed certificate.

Testing/internal use only. Managing PKI should be done with care.

the stuffs

• Generate the CA key/cert:

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=NY/L=NY/O=Me/CN=ca.lab.lan" -keyout CA.key -out CA.crt

• Generate the client key:

openssl genrsa -out server.key 4096

• Generate the CSR:

openssl req -new -subj "/C=US/ST=NY/L=NY/O=Me/CN=server.lab.lan" -key server.key -out server.csr

• Create the signed certificate:

openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365

Doneski. Now you can rapidly test your SSL configurations. I recently used this to play around with SSL and topbeat for elasticsearch. Enjoy.

-b

links

shout out to the links that got me there:

• https://help.github.com/enterprise/11.10.340/admin/articles/using-self-signed-ssl-certificates/
• http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
• http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl