Guide for creating self-signed development certs using OpenSSL
Root-CA:
1) openssl genrsa -aes256 -out localhost-root-ca.key 4096
2) openssl req -out localhost-root-ca.csr -key localhost-root-ca.key -new -sha256
CN = localhost
-or-
CN = fully qualified domain name
3) openssl x509 -req -days 3000 -in localhost-root-ca.csr -signkey localhost-root-ca.key -out localhost-root-ca.pem -sha256
4) openssl pkcs12 -export -out localhost-root-ca.p12 -inkey localhost-root-ca.key -in localhost-root-ca.pem
- Add the Root-CA certificate (either localhost-root-ca.p12 or localhost-root-ca.pem) to the Trusted Root CAs of the host
Device:
5) openssl genrsa -aes256 -out localhost.key 4096
6) openssl req -new -key localhost.key -out localhost.csr -sha256
OU = Local development certificate
CN = localhost
7) openssl x509 -req -in localhost.csr -CA localhost-root-ca.pem -CAkey localhost-root-ca.key -CAcreateserial -out localhost.pem -days 1000 -sha256
8) openssl pkcs12 -export -out localhost.p12 -inkey localhost.key -in localhost.pem -certfile localhost-root-ca.pem
- Add the development certificate to the Trusted Root CAs of the local host.
- For any development servers, use localhost.key and localhost.pem
!! Note that a P12-formatted cert contains the private key !!
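
Steps 1-3 and 5-7 run non-interactively, followed by the checks worth doing before trusting the result (this script is an added example, not part of the original guide). Assumptions: -subj replaces the prompts, keys are left unencrypted so nothing prompts, and the ca.ext / leaf.ext extension files (CA flag on the root, subjectAltName on the device cert, which clients match hostnames against) are additions the original commands do not set.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumptions: -subj replaces the
# interactive prompts, keys are left unencrypted so nothing prompts, and the
# ca.ext / leaf.ext extension files are constructed for this example.

make_dev_chain() {   # $1 = output directory, $2 = RSA key size (default 4096)
    ( cd "$1" || exit 1
      bits=${2:-4096}
      # Root CA (steps 1-3), explicitly marked as a CA certificate
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext &&
      openssl genrsa -out localhost-root-ca.key "$bits" &&
      openssl req -new -sha256 -key localhost-root-ca.key \
          -subj "/CN=localhost" -out localhost-root-ca.csr &&
      openssl x509 -req -days 3000 -sha256 -in localhost-root-ca.csr \
          -signkey localhost-root-ca.key -extfile ca.ext -out localhost-root-ca.pem &&
      # Device certificate (steps 5-7), with a SAN for the names it will serve
      printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:localhost,IP:127.0.0.1\n' > leaf.ext &&
      openssl genrsa -out localhost.key "$bits" &&
      openssl req -new -sha256 -key localhost.key \
          -subj "/OU=Local development certificate/CN=localhost" -out localhost.csr &&
      openssl x509 -req -days 1000 -sha256 -in localhost.csr \
          -CA localhost-root-ca.pem -CAkey localhost-root-ca.key -CAcreateserial \
          -extfile leaf.ext -out localhost.pem
    )
}

check_dev_chain() {  # $1 = directory; prints one status line, non-zero on failure
    ( cd "$1" || exit 1
      chain=FAIL san=FAIL key=FAIL
      # 1. the device cert chains to the root CA
      openssl verify -CAfile localhost-root-ca.pem localhost.pem >/dev/null 2>&1 && chain=ok
      # 2. the device cert carries the expected subjectAltName
      openssl x509 -in localhost.pem -noout -text | grep -q 'DNS:localhost' && san=ok
      # 3. localhost.key is the private key for localhost.pem
      [ "$(openssl x509 -in localhost.pem -noout -pubkey)" = \
        "$(openssl pkey -in localhost.key -pubout)" ] && key=ok
      echo "chain=$chain san=$san key=$key"
      [ "$chain$san$key" = okokok ]
    )
}

work=$(mktemp -d) && make_dev_chain "$work" && check_dev_chain "$work"
```

For keys that will be kept around, put -aes256 back on the genrsa commands as in steps 1 and 5.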