When working in development environments, it might be necessary to generate your own Certificate Authority (CA) and SSL certificates for testing purposes. These instructions use OpenSSL, a powerful toolkit for the SSL and TLS protocols. Below, I've detailed how to create these certificates on Windows, but similar processes can be applied across different platforms.
First, you will need OpenSSL. If you are on Windows, you can download OpenSSL from here.
Creating the Certificate Authority (CA)
Generate a private key for the CA using the following command:
openssl genpkey -algorithm rsa -aes256 -out ca.key
Create a new self-signed x509 certificate for the CA:
openssl req -new -x509 -days 800 -key ca.key -sha512 -out ca.crt
Once the CA is successfully created, you can import the
ca.crtinto your Local Computer Certificates -> Trusted Root Certification Authorities via MMC on Windows.
Creating the Server SSL Certificate
Generate a private key for the server:
openssl genpkey -algorithm rsa -aes256 -out server.key
Create a configuration file
server.cnffor generating the Certificate Signing Request (CSR):
[req] default_bits = 2048 default_keyfile = server.key distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = san_ext prompt = no [req_distinguished_name] countryName = CN stateOrProvinceName = Shanghai localityName = Pudong organizationName = JIANG SHENG commonName = joji-hyper [req_ext] subjectAltName = @alt_names [san_ext] subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = 127.0.0.1 DNS.3 = 192.168.1.2 DNS.4 = joji-hyper
Use the private key to create a CSR:
openssl req -new -key server.key -out server.csr -config server.cnf
Sign the CSR with the CA certificate to get the server certificate:
openssl x509 -req -days 800 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -extensions san_ext -extfile server.cnf
If your server is IIS, you will need to convert the certificate and key into PFX format:
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
I hope these instructions are helpful for your development journey. Feel free to reference this guide whenever you need to create a new certificate for testing or development purposes.