#Generate test certificates using openssl 1.1.1
- Install openssl v1.1.1
brew install openssl@1.1
- Generate the CA certificate key and your certificate key:
openssl genrsa -out <ca-cert-name>.key 2048
openssl genrsa -out <certificate-name>.key 2048
- Generate the CA certificate
openssl req -x509 -new -nodes -key <ca-cert-name>.key -sha256 -days 3650 -out <ca-cert-name> -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA"
- Create the request config file
ca.conf
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = CN
stateOrProvinceName = GD
organizationName = Acme
commonName = Acme Root CA
[req_ext]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
[SAN]
subjectAltName=IP:127.0.0.1
- Create the Certificate Signing Request
/usr/local/opt/openssl@1.1/bin/openssl req -new -sha256 -key <certificate-name>.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -reqexts SAN -config ca.conf -out ca.csr
- Sign the certificate
/usr/local/opt/openssl@1.1/bin/openssl x509 -req -in ca.csr -CA <ca-cert-name> -CAkey ca.key -CAcreateserial -out <certificate-name>.crt -days 3650 -sha256 -extfile ca.conf -extensions req_ext
/usr/local/opt/openssl@1.1/bin/openssl x509 -req -in ca.csr -CA <ca-cert-name> -CAkey ca.key -CAcreateserial -out <certificate-name>.crt -days 3650 -sha256