quickly generate self-signed ca and cert

A lot of times I’ll need to quickly generate an SSL CA and sign some SSL certs. This can be for a variety of reasons. Maybe I need to test out an SSL configuration. Maybe I want to use throw away SSL connections that aren’t public and don’t matter. Regardless on how it’s used, here’s a fast way to generate a self-signed CA, a private key, a CSR, and finally a signed certificate.

Testing/internal use only. Managing PKI should be done with care.

the stuffs

  • Generate the CA key/cert:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=NY/L=NY/O=Me/CN=ca.lab.lan" -keyout CA.key -out CA.crt
  • Generate the client key:
openssl genrsa -out server.key 4096
  • Generate the CSR:
openssl req -new -subj "/C=US/ST=NY/L=NY/O=Me/CN=server.lab.lan" -key server.key -out server.csr
  • Create the signed certificate:
openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365

Doneski. Now you can rapidly test your SSL configurations. I recently used this to play around with SSL and topbeat for elasticsearch. Enjoy.



shout out to the links that got me there: