Howto: Create a self-signed certificate

Updated . Posted . Visible to the public.

Option 1: Creating a self-signed certificate with the openssl binary

As igalic Show archive.org snapshot commented on this gist Show archive.org snapshot .

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt

Explanation

req -new

Create a new request ...

-newkey
: ... using a new key ...

rsa:2048

... of type RSA, 2048 bits long.

-sha1
: Make sure to use SHA1 as this certificate's hashing algorithm,

-nodes
: don't encrypt the key and

-x509
: make it an X.509 certificate, not a Certificate Signing Request.

Option 2: Creating a self-signed certificate with the mkcert binary

The linked tool mkcert Show archive.org snapshot helps you to setup locally-trusted development certificates. We also have cards that describe how to use SSL in development with Passenger, Puma and Thin.

Installation of mkcert

mkcert will create a certificate for development without any configuration and add it to the system trust store.

Download a current pre-built binary here Show archive.org snapshot , e.g. mkcert-v1.4.4-linux-amd64. Move it to a directory in your PATH and make it executable.

$ chmod +x ~/Downloads/mkcert-v1.4.4-linux-amd64
$ mv ~/Downloads/mkcert-v1.4.4-linux-amd64 ~/bin
$ mkcert-v1.4.4-linux-amd64 localhost
Created a new local CA 💥
...

Accepting the self-signed certificate

See Web development: Accepting a self-signed certificate in Google Chrome.

Dominik Schöler
Last edit
Emanuel
License
Source code in this card is licensed under the MIT License.
Posted by Dominik Schöler to makandra dev (2013-05-03 08:05)