one minute read (163 words)
Sticky Notes: Self-signed Certificate
Sometimes I need a TLS1 certificate, for some local HTTPS or other services/protocols with some level of security to play nicely.
Make sure you have openssl installed on your computer. Then run:
openssl req -nodes -new -x509 \
-keyout server.key -out server.crt \
-subj '/C=EU/L=Berlin/O=MarkentierTech/CN=myservice'
Notes:
- replace values for the parameters (
C,L,O,CN) to your needs - a self-signed certificate is usually not considered secure by browsers; you might need to add them manually to the necessary certificate stores
- use mkcert.dev if you need something slightly more sophisticated
Similar name, but different use case: mkcert.org — to get a PEM file of certificates you want to trust. For example if you want to build/use apps with custom certificate trust store.
1
Yep, I will only talk about TLS, we should really forget about SSL, because despite marketing those protocol versions shall never be used again.