This article was originally posted on my personal blog.
Creating a self-signed certificate is quite simple. However, Google Chrome flags most of them as insecure and doesn't even give you the "proceed" button/link.
In order to make it work, you need to add -addext "extendedKeyUsage = serverAuth"
in the openssl
command. Here is a complete example
openssl req \
-x509 \
-nodes \
-days 365 \
-newkey rsa:2048 \
-keyout server.key \
-out server.crt \
-addext "extendedKeyUsage = serverAuth"
This command will give you two files: server.key
and server.crt
.
If you want to run the same command in a non-interactive mode you just add -subj "/C=US/ST=State/L=Locality/O=Organization/CN=www.example.com"
Top comments (0)