ETOOBUSY 🚀 minimal blogging for the impatient
Sometimes you want to test SSL/TLS on a server and you want to experiment a bit before getting the real stuff. In these cases, having a private Certification Authority (CA) can become handy to uncover errors early.
The script below aims at easing this task.
Also found locally.
Easy to use, just one setup command and then only signing and certificate creation.
This will generate files
ca.key (private key for the CA) and
(certificate, with the public key inside). Keep
ca.crt to clients and make them trust it.
# some-server.csr comes from a need to generate a certificate ./root-ca.sh sign some-server.csr
Again, remember that your clients will need to trust
If you need to generate a server certificate on the fly,
openssl can be
your friend again:
openssl req -new -out server.csr -days 3650 \ -subj '/CN=server.example.com/C=IT/ST=Roma/L=Roma/O=What/OU=Ever' \ -newkey rsa:2048 -nodes -keyout server.key
Want to know more? Intermediate CAs are hard! is a follow-up post on this topic. 😎