Lee el artículo original aquí: https://www.freecodecamp.org/
Step 1: Root SSL certificate
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
Step 2: Domain SSL certificate
Create file server.csr.cnf and put contents:
nano server.csr.cnf
- [req]
- default_bits = 2048
- prompt = no
- default_md = sha256
- distinguished_name = dn
- [dn]
- C=CO
- ST=ANT
- L=MED
- O=NUALTEC
- OU=Development
- emailAddress=tecnologia@nualtec.com
- CN = localhost
Create file v3.ext with contents:
nano v3.ext
- authorityKeyIdentifier=keyid,issuer
- basicConstraints=CA:FALSE
- keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
- subjectAltName = @alt_names
- [alt_names]
- DNS.1 = localhost
Create a certificate key for localhost using the configuration settings stored in server.csr.cnf. This key is stored in server.key.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
A certificate signing request is issued via the root SSL certificate we created earlier to create a domain certificate for localhost. The output is a certificate file called server.crt.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
Add these lines to apache file:
- SSLEngine on
- SSLCertificateFile /server.crt
- SSLCertificateKeyFile /server.key
