CA
1. Generate CA Key and Certificate
Generate RSA Key
openssl genrsa -des3 -out myCA.key 4096
Generate CA Certificate
openssl req -x509 -new -nodes -key myCA.key -sha512 -days 3650 -out myCA.pem
2. Generate CSR File for your website
Generate a CSR, in this example for domain.example.com
Generate RSA Key
openssl genrsa -out domain.example.com.key 4096
Generate CSR
openssl req -new -key domain.example.com.key -out domain.example.com.csr
Answer some Questions
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :DE
State or Province Name (full name) :Saarland
Locality Name (eg, city) :Homburg
Organization Name (eg, company) :Homelab
Organizational Unit Name (eg, section) : Homelab Chris
Common Name (e.g. server FQDN or YOUR name) []:domain.example.com
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
3. Create SSL Certificate with CSR File and CA File
You will also need a plaintext .ext file for additional information (DNS settings etc.).
Create .ext File
File Named domain.example.com.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = domain.example.com
Create the Certificate
openssl x509 -req -in domain.example.com.csr -CA myCA.pem -CAkey myCA.key \
  -CAcreateserial -out domain.example.com.crt -days 3650 -sha512 -extfile domain.example.com.ext
The 2 files domain.example.com.crt (certificate) and domain.example.com.key (key) can now be used for secure SSL encryption with HTTPS.
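Before installing the files, it is worth checking what was actually issued. The script below is an added example, not part of the original page: it repeats steps 1 to 3 without prompts in a temporary directory and then checks that the certificate chains to the CA, covers the host name through its subjectAltName, and belongs to the private key. The CA subject, the passphrase, the 2048-bit key size (chosen only to keep the run short) and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Constructed values: the CA subject,
# the passphrase below, and 2048-bit keys (only to keep the demo run short).
HOST=domain.example.com
PASS=pass:lab-only-passphrase

make_lab_pki() {  # $1 = working directory; repeats steps 1-3 without prompts
  ( cd "$1" || exit 1
    openssl genrsa -des3 -passout "$PASS" -out myCA.key 2048 2>/dev/null &&
    openssl req -x509 -new -key myCA.key -passin "$PASS" -sha512 -days 3650 \
      -subj "/O=Homelab/CN=Homelab Lab CA" -out myCA.pem &&
    openssl genrsa -out "$HOST.key" 2048 2>/dev/null &&
    openssl req -new -key "$HOST.key" -subj "/O=Homelab/CN=$HOST" -out "$HOST.csr" &&
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $HOST" > "$HOST.ext" &&
    openssl x509 -req -in "$HOST.csr" -CA myCA.pem -CAkey myCA.key -passin "$PASS" \
      -CAcreateserial -out "$HOST.crt" -days 3650 -sha512 -extfile "$HOST.ext" 2>/dev/null )
}

# Chain check: the certificate must verify against the CA and cover the name in $2.
chain_ok() {  # $1 = working directory, $2 = host name to match
  openssl verify -CAfile "$1/myCA.pem" -verify_hostname "$2" "$1/$HOST.crt" >/dev/null 2>&1
}

# Pairing check: the certificate's public key must equal the one derived from the key file.
key_matches() {  # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# A CSR is not a certificate: parsing it as X.509 must fail.
is_certificate() { openssl x509 -in "$1" -noout >/dev/null 2>&1; }

LAB=$(mktemp -d)
make_lab_pki "$LAB" || echo "PKI generation failed"
chain_ok "$LAB" "$HOST" && echo "chain and host name OK"
key_matches "$LAB/$HOST.crt" "$LAB/$HOST.key" && echo "key matches certificate"
is_certificate "$LAB/$HOST.csr" || echo "$HOST.csr is a request, not a certificate"
```

The same three checks can be run against the real files from steps 1 to 3 by pointing the functions at the directory that holds them.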