Generate self-signed certificates
In this post, I’m explaining how to generate a wildcard certificate for a custom domain with OpenSSL, using a custom Certificate Authority. You can find the script in my GitHub repository: https://github.com/tosokr/Azure/blob/master/certificates/generateCertificates.sh
- Set the domain name
domainName="mycustomdomain.com"
- Create the Root private key. Remove -des3 to create a passwordless private key
openssl genrsa -des3 -out rootCA.key 4096
- Create and self-sign the Root Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
- Create the private certificate key
openssl genrsa -out "$domainName.key" 2048
- Make sure that the .rnd file is available
touch .rnd
- Create the certificate signing request
openssl req -new -sha256 -key "$domainName.key" -subj "/CN=*.$domainName" -out "$domainName.csr"
- Create the V3 extensions file
cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.$domainName
EOF
- Generate the certificate using the domain CSR and key along with the CA Root key
openssl x509 -req -in "$domainName.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "$domainName.crt" -days 730 -sha256 -extfile v3.ext
- Generate the pfx file for the certificate
openssl pkcs12 -export -out "$domainName.pfx" -inkey "$domainName.key" -in "$domainName.crt"
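
To check the result of the steps above, this added example (not part of the original script) builds a throwaway CA and wildcard certificate with the same commands, minus the passphrase, then verifies the chain, the key/certificate pairing, and which host names the wildcard SAN covers. The function names, the `Demo Root CA` subject, the 2048-bit demo root key and the 30-day lifetimes are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the original script. Function names are illustrative.

# Build a throwaway CA and wildcard certificate in directory $1 for domain $2,
# following the post's steps without a passphrase so it runs unattended.
make_demo_cert() (
  cd "$1" || exit 1
  openssl genrsa -out rootCA.key 2048 2>/dev/null
  openssl req -x509 -new -key rootCA.key -sha256 -days 30 \
    -subj "/CN=Demo Root CA" -out rootCA.crt
  openssl genrsa -out "$2.key" 2048 2>/dev/null
  openssl req -new -sha256 -key "$2.key" -subj "/CN=*.$2" -out "$2.csr"
  printf '%s\n' "basicConstraints=CA:FALSE" "subjectAltName=DNS:*.$2" > v3.ext
  openssl x509 -req -in "$2.csr" -CA rootCA.crt -CAkey rootCA.key \
    -CAcreateserial -out "$2.crt" -days 30 -sha256 -extfile v3.ext 2>/dev/null
)

# Succeeds if certificate $2 chains to root CA certificate $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if private key $1 and certificate $2 hold the same public key.
key_matches_cert() (
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
)

# Succeeds if certificate $1 is valid for host name $2 (SAN matching).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Demo on constructed data: a temporary directory and the post's sample domain.
tmp=$(mktemp -d)
crt="$tmp/mycustomdomain.com.crt"
make_demo_cert "$tmp" mycustomdomain.com
chains_to_ca "$tmp/rootCA.crt" "$crt" && echo "chain: OK"
key_matches_cert "$tmp/mycustomdomain.com.key" "$crt" && echo "key pair: OK"
for h in www.mycustomdomain.com mycustomdomain.com a.b.mycustomdomain.com; do
  if cert_covers_host "$crt" "$h"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
done
rm -rf "$tmp"
```

The wildcard SAN matches exactly one label, so the apex domain and deeper subdomains are not covered; they need their own SAN entries (for example an additional `DNS.2` line in v3.ext).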