The following guide creates a Self-Signed SSL Certificate for internal use with a validity of 1 year: a server certificate signed by your own root CA. Sources used to create this guide:
- Mozilla Wiki - SecurityEngineering/x509Certs
- Medium - Create your own Certificate Authority
I used Raspberry Pi OS (bullseye) to create the SSL certificates.
Step 1: Create the CA Private Key
openssl genrsa -des3 -out CAPrivate.key 2048
Step 2: Generate the CA Root certificate
openssl req -x509 -new -nodes -key CAPrivate.key -sha256 -days 365 -out CAPrivate.pem
Step 3: Create a Private Key
openssl genrsa -out MyPrivate.key 2048
Step 4: Generate the CSR
openssl req -new -key MyPrivate.key -extensions v3_ca -out MyRequest.csr
Step 5: Create extensions file to specify subjectAltName
Create an extensions file named: openssl.ss.cnf
File Contents of openssl.ss.cnf (replace *.mydomain.tld with your domain):
basicConstraints=CA:FALSE
subjectAltName=DNS:*.mydomain.tld
extendedKeyUsage=serverAuth
Step 6: Generate the Certificate using the CSR
openssl x509 -req -in MyRequest.csr -CA CAPrivate.pem -CAkey CAPrivate.key -CAcreateserial -extfile openssl.ss.cnf -out MyCert.crt -days 365 -sha256
Step 7: Install the Certificate / Private Key on your Web Server / Application
- Read the manual of the Web Server / Application to install SSL certificates.
Step 8: Copy the CA Root certificate and import it in the proper Certificate Store of the OS/Application
- [Windows] Copy CAPrivate.pem to the computer, rename it to CAPrivate.crt and import it into the Trusted Root Certification Authorities store.
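The script below is an added example, not part of the original guide: it runs Steps 1-6 without prompts in a scratch directory and then checks the resulting certificate (chain, extensions, key match, hostname coverage). The passphrase and subject names are constructed sample values, and -passout, -passin and -subj are added so that nothing asks for input.

```shell
#!/bin/sh
# Added example, not from the original guide. Constructed values: the demo
# passphrase and both subject names. *.mydomain.tld is the guide's placeholder.
PASS='pass:constructed-demo-passphrase'

make_chain() {   # Steps 1-6 inside directory $1, with no interactive prompts
    ( cd "$1" &&
      openssl genrsa -des3 -passout "$PASS" -out CAPrivate.key 2048 &&
      openssl req -x509 -new -key CAPrivate.key -passin "$PASS" -sha256 \
          -days 365 -subj '/CN=Demo Internal CA' -out CAPrivate.pem &&
      openssl genrsa -out MyPrivate.key 2048 &&
      chmod 600 CAPrivate.key MyPrivate.key &&
      openssl req -new -key MyPrivate.key -subj '/CN=Demo Internal Server' \
          -out MyRequest.csr &&
      printf '%s\n' 'basicConstraints=CA:FALSE' \
          'subjectAltName=DNS:*.mydomain.tld' \
          'extendedKeyUsage=serverAuth' > openssl.ss.cnf &&
      # By default x509 -req copies no extensions from the CSR; -extfile sets them.
      openssl x509 -req -in MyRequest.csr -CA CAPrivate.pem \
          -CAkey CAPrivate.key -passin "$PASS" -CAcreateserial \
          -extfile openssl.ss.cnf -out MyCert.crt -days 365 -sha256
    ) >/dev/null 2>&1
}

check_cert() {   # returns 0 only if the leaf in directory $1 passes every check
    ( cd "$1" || exit 1
      text=$(openssl x509 -in MyCert.crt -noout -text) || exit 1
      # Chains to the private root and is usable as a TLS server certificate.
      openssl verify -purpose sslserver -CAfile CAPrivate.pem MyCert.crt || exit 1
      # The three extensions from openssl.ss.cnf are present in the certificate.
      printf '%s\n' "$text" | grep -q 'CA:FALSE' || exit 1
      printf '%s\n' "$text" | grep -q 'DNS:\*\.mydomain\.tld' || exit 1
      printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' || exit 1
      # The certificate carries the public half of MyPrivate.key.
      [ "$(openssl x509 -in MyCert.crt -noout -pubkey)" = \
        "$(openssl pkey -in MyPrivate.key -pubout)" ]
    ) >/dev/null 2>&1
}

host_matches() { # returns 0 if hostname $2 is covered by the SAN of $1/MyCert.crt
    openssl x509 -in "$1/MyCert.crt" -noout -checkhost "$2" | grep -q 'does match'
}

demo=$(mktemp -d)
make_chain "$demo" && check_cert "$demo" && echo "leaf certificate OK"
# A wildcard SAN covers exactly one label, so the bare domain is not matched.
host_matches "$demo" www.mydomain.tld && echo "www.mydomain.tld: covered"
host_matches "$demo" mydomain.tld || echo "mydomain.tld: not covered"
rm -rf "$demo"
```

Only CAPrivate.pem, the root certificate, is what Step 8 distributes; CAPrivate.key stays on the machine that signs certificates.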
Please read the following disclaimer before making changes to your device / software:
I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed. YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you. Your warranty will be void if you tamper with any part of your device / software.