Windows CLI / Linux CLI / Docker. SSL сертификат для локальной сети своими руками.
 
 

### Documentation:
https://betterprogramming.pub/trusted-self-signed-certificate-and-local-domains-for-testing-7c6e6e3f9548 
### Enable on Firefox
https://blog.jeroenhd.nl/article/firefox-for-android-using-a-custom-certificate-authority 
 

##########

FOLDER STRUCTURE 

OS Linux (Docker):

/srv/sewa/cert001

The same files are kept on the Windows HDD in this folder:

C:\_A001\REPOS\OWN\server001\server\srv\sewa\cert001

 

 

 

##########

### ACTIONS:
### on Linux

### Generate root ssl certificate.

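cd /srv/sewa/cert001
# rootCA.key can sign a certificate for ANY hostname, and every machine that
# imports rootCA.pem will trust what it signs. Give it a strong passphrase,
# keep it out of version control and shared backups, and store it offline
# between signings. Only rootCA.pem (the public certificate) goes to clients.
# -aes256 replaces the legacy 3DES (-des3) cipher for encrypting the key on disk.
openssl genrsa -aes256 -out rootCA.key 2048
# Restrict the key file to its owner.
chmod 600 rootCA.key
# Self-signed CA certificate, valid for 1460 days (4 years).
# -nodes is dropped: it only applies to a key that `req` creates itself, and
# here the key is supplied with -key.
# NOTE(review): this CA has no nameConstraints extension, so it is trusted for
# every domain; consider constraining it to the local names.
openssl req -x509 -new -key rootCA.key -sha256 -days 1460 -out rootCA.pem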

 

### Add root certificate on Windows

rem This folder mirrors /srv/sewa/cert001, so it may also hold rootCA.key.
rem Clients only need rootCA.pem; do not copy the private key to machines that just need to trust the CA.
cd C:\_A001\REPOS\OWN\server001\server\srv\sewa\cert001
rem Adds the CA to the machine-wide "Trusted Root Certification Authorities" store
rem (needs an elevated prompt). -f overwrites an existing entry for the same certificate.
rem After this, anything signed with rootCA.key is trusted on this machine.
certutil -addstore -f "ROOT" rootCA.pem

### Approximate output

ROOT "Trusted Root Certification Authorities"
Signature matches Public Key
Certificate "Sewa" added to store.
CertUtil: -addstore command completed successfully.

### Add root certificate on Manjaro Linux

# Import only the public certificate (rootCA.pem); rootCA.key is never needed on a client.
# If the CA key is ever lost or exposed, the anchor can be withdrawn with `trust anchor --remove`.
sudo trust anchor /home/qqq/---mpoint---/REPOS/OWN/server001/server/srv/sewa/cert001/rootCA.pem
# Regenerates the system CA bundles so applications using the system trust store see the new anchor.
sudo update-ca-trust

##########

# Generate an SSL SAN Certificate With the Root Certificate

# FILE:
server.csr.cnf

# Settings read by `openssl req -config server.csr.cnf` when the CSR is created.
[req]
# Key size used when the command line does not give one explicitly.
default_bits = 2048
# Take the subject from the [dn] section instead of asking interactively.
prompt = no
# Digest used to sign the request.
default_md = sha256
# Name of the section that holds the subject fields.
distinguished_name = dn

# Subject of the server certificate.
[dn]
C = KZ
ST = ZKO
L = Borg
O = BorgTechService
OU = Unimatrix
emailAddress = vsevolod.azovsky@gmail.com
# Current browsers match hostnames against subjectAltName (see v3.ext), not CN;
# CN is kept here as a human-readable label.
CN = borg.home

# FILE:
v3.ext

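# Extensions copied into server.crt when the CSR is signed (`openssl x509 -extfile v3.ext`).
authorityKeyIdentifier = keyid,issuer
# Leaf certificate: it must not be able to sign other certificates.
basicConstraints = CA:FALSE
# Only the usages a TLS server needs; nonRepudiation and dataEncipherment are
# dropped because TLS does not use them.
keyUsage = digitalSignature, keyEncipherment
# Limits the certificate to TLS server authentication; some clients (Apple
# platforms, for example) reject server certificates that lack it.
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# Every hostname this certificate is valid for. All of these hosts share one
# private key (server.key), so a leak on any of them exposes all of them;
# list only the names actually in use, or issue one certificate per host.
# NOTE(review): ".home" is not a reserved special-use domain; RFC 8375 reserves
# "home.arpa" for home networks.
[alt_names]
DNS.1 = zero.home
DNS.2 = sss.zero.home
DNS.3 = vov.zero.home
DNS.4 = m45a.zero.home
DNS.5 = borg.home
DNS.6 = router.home
DNS.7 = cameras.home
DNS.8 = printer.home
DNS.9 = chat.home
DNS.10 = a.home
DNS.11 = b.home
DNS.12 = c.home
DNS.13 = d.home
DNS.14 = e.home
DNS.15 = f.home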

##########

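# Create the server key and the CSR from server.csr.cnf.
# -nodes leaves server.key unencrypted so a service can load it unattended;
# file permissions are therefore its only protection.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
chmod 600 server.key
# Sign the CSR with the root CA (asks for the rootCA.key passphrase) and attach
# the extensions from v3.ext. -CAcreateserial writes the serial file rootCA.srl.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
# Check that the certificate chains to the root and that the expected
# subjectAltName entries and key usages are present before deploying it.
openssl verify -CAfile rootCA.pem server.crt
openssl x509 -in server.crt -noout -text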

 

#ТСОКРМ #ЗапискиБывалых #CLI #SSL