How to self-sign ssl certificate with CA

I have used a lot of time on how to make self-signed certificate with your own certificate, and a lot of the tutorials on the web will tell you how to create a certificate that is insecure and where the browser will tell you that.

First start by creating your CA key:

openssl genrsa -out ca.key 4096

Next we need to create our CA certificate
Here you have to fill in information about your company, it does not really matter as you have to trust it yourself.

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

Next we have to create a certificate for that server we want to use SSL on

openssl genrsa -out server.key 4096

After that we need certificate request, it is here you have to fill in the domain name that you are going to use the certificate with:

openssl req -new -key server.key -out server.csr

Then lastly we can create our server certificate

openssl x509 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Now you can use server.crt and server.key on your https server

Image for post
Image for post

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store