Generate Trusted self-signed SSL

The post is taken from betterprograming.pub and xcad2k

Certificate Authority (CA)

Generate a private key and self-signed certificate:

openssl req -x509 -nodes -new -sha512 \
-days 365 -newkey rsa:4096 -keyout ca.key \
-out ca.pem -subj "/C=US/CN=MY-CA"

Create a .crt certificate file:

openssl x509 -outform pem -in ca.pem -out ca.crt

Domain name certificate

Generate an x509 v3 extension file:

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
# Local hosts
DNS.1 = localhost
# IP literals must be IP entries; clients do not match them against DNS entries
IP.1 = 127.0.0.1
IP.2 = ::1
# List your domain names here
DNS.2 = local.dev
DNS.3 = my-app.dev
DNS.4 = local.some-app.dev
EOF

Generate a private key and certificate signing request (CSR):

openssl req -new -nodes -newkey rsa:4096 \
-keyout localhost.key -out localhost.csr \
-subj "/C=US/ST=State/L=City/O=Some-Organization-Name/CN=localhost"

Generate the domain certificate, signed by the CA created above:

openssl x509 -req -sha512 -days 365 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in localhost.csr \
-out localhost.crt
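
Before trusting the CA, it is worth checking that the issued certificate chains to it and matches every name clients will use; clients match IP literals only against IP-type SAN entries. The script below is an added example, not part of the original post: check_cert, make_demo and demo are hypothetical helper names, the demo certificates are throwaway test data, and it assumes OpenSSL 1.1.0 or later.

```bash
# check_cert CA_FILE CERT_FILE NAME...
# Returns 0 only if CERT_FILE chains to CA_FILE and every NAME matches a SAN
# entry of the right type. Assumes OpenSSL 1.1.0+ (verify exits non-zero on failure).
check_cert() {
    local ca="$1" cert="$2" name flag rc=0
    shift 2
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL  chain does not verify against $ca"; return 1
    fi
    for name in "$@"; do
        case $name in
            *:*)        flag=-verify_ip ;;        # contains a colon: IPv6 literal
            *[!0-9.]*)  flag=-verify_hostname ;;  # any other non-numeric: DNS name
            *)          flag=-verify_ip ;;        # digits and dots only: IPv4 literal
        esac
        if openssl verify -CAfile "$ca" "$flag" "$name" "$cert" >/dev/null 2>&1; then
            echo "ok    $name"
        else
            echo "FAIL  $name (no matching SAN for $flag)"; rc=1
        fi
    done
    return $rc
}

# make_demo DIR SAN: throwaway CA plus a leaf whose subjectAltName is SAN.
# Constructed test data; 2048-bit keys and 1-day validity keep the demo fast.
make_demo() {
    local d="$1"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=%s\n' "$2" > "$d/v3.ext"
    openssl req -x509 -nodes -new -sha512 -days 1 -newkey rsa:2048 \
        -keyout "$d/ca.key" -out "$d/ca.crt" -subj "/CN=DEMO-CA" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -keyout "$d/leaf.key" \
        -out "$d/leaf.csr" -subj "/CN=localhost" 2>/dev/null &&
    openssl x509 -req -sha512 -days 1 -extfile "$d/v3.ext" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -in "$d/leaf.csr" \
        -out "$d/leaf.crt" 2>/dev/null
}

# demo: the same address listed as a DNS entry (fails) and as an IP entry (passes).
demo() {
    local d; d=$(mktemp -d) || return 1
    make_demo "$d" "DNS:localhost,DNS:127.0.0.1" &&
        check_cert "$d/ca.crt" "$d/leaf.crt" localhost 127.0.0.1
    make_demo "$d" "DNS:localhost,IP:127.0.0.1,IP:::1" &&
        check_cert "$d/ca.crt" "$d/leaf.crt" localhost 127.0.0.1 ::1
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

For the files generated above, source the script and run: check_cert ca.crt localhost.crt localhost 127.0.0.1 ::1 local.dev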

Trusting the CA

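To get the secure lock icon, your new local CA has to be trusted on your machine. The process varies across operating systems, and trusting the CA at the operating-system level will suffice for most browsers. If you are using Firefox, the process varies a bit. Once the CA is trusted, this machine accepts any certificate signed with ca.key, so keep ca.key private.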

Windows 10 — Chrome, IE11, and Edge
Double-click on the certificate (ca.crt).
Click on the “Install Certificate” button.
Select whether you want to store it at the user or machine level.
Click “Next.”
Select “Place all certificates in the following store.”
Click “Browse.”
Select “Trusted Root Certification Authorities.”
Click “OK.”
Click “Next.”
Click “Finish.”
If you get a prompt, click “Yes.”

You can also install the CA certificate into the Windows trusted root store from an administrator PowerShell session:

Import-Certificate -FilePath "C:\ca.crt" -CertStoreLocation Cert:\LocalMachine\Root
