https://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&feed=atom&action=history
How to become a local TLS certificate authority - Revision history
2024-03-29T11:47:15Z
Revision history for this page on the wiki
MediaWiki 1.36.1

https://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=90&oldid=prev
Discorddigital at 16:59, 13 February 2022
2022-02-13T16:59:43Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:59, 13 February 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l57">Line 57:</td>
<td colspan="2" class="diff-lineno">Line 57:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password your CA you will have following files:</p></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password <ins style="font-weight: bold; text-decoration: none;">of </ins>your CA you will have following files:</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.ext</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.ext</div></td></tr>
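Review bot: In the corrected sentence, "you will have following files" still lacks its article. Suggest "After entering the password of your CA you will have the following files:" so the line does not need a second grammar pass.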
<!-- diff cache key discorddigital_mediawiki_1:diff::1.12:old-48:rev-90 -->
</table>
Discorddigital

https://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=48&oldid=prev
Discorddigital: Reverted edits by Discorddigital (talk) to last revision by Pixl
2021-02-28T11:27:51Z
<p>Reverted edits by <a href="/Special:Contributions/Discorddigital" title="Special:Contributions/Discorddigital">Discorddigital</a> (<a href="/index.php?title=User_talk:Discorddigital&action=edit&redlink=1" class="new" title="User talk:Discorddigital (page does not exist)">talk</a>) to last revision by <a href="/index.php?title=User:Pixl&action=edit&redlink=1" class="new" title="User:Pixl (page does not exist)">Pixl</a></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 11:27, 28 February 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l23">Line 23:</td>
<td colspan="2" class="diff-lineno">Line 23:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h3>Generating the root certificate file</h3></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h3>Generating the root certificate file</h3></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl req -x509 -new -nodes -key DigitalCA.key -sha256 -days 1825 -out DigitalCA.pem</code></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl req -x509 -new -nodes -key DigitalCA.key -sha256 -days 1825 -out DigitalCA.pem</code></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{| style="border:1px solid black"</ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"><!-- Info for Apple users: </del>If you create this CA for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">| </ins>If you create this CA for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates. <del style="font-weight: bold; text-decoration: none;">--></del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">|}</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>During the creation you will be asked to enter the password you entered earlier.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>During the creation you will be asked to enter the password you entered earlier.</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>When asked for the Common Name I suggest you enter something you will recognize, such as DigitalCA in this case.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>When asked for the Common Name I suggest you enter something you will recognize, such as DigitalCA in this case.</p></div></td></tr>
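Review bot: The note restored here tells readers not to exceed 825 days for the CA, but the command directly above it still passes -days 1825, so anyone who copies the command gets the certificate the note calls invalid. Either show the 825-day variant next to the command or state in the note which value to change. The note also reads as a fragment ("If you create this CA for Apple devices. Do not exceed 825 days"); join the two parts with a comma.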
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l53">Line 53:</td>
<td colspan="2" class="diff-lineno">Line 53:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Save the file and create the certificate with following command:</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Save the file and create the certificate with following command:</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl x509 -req -in digitalweb.domain.lan.csr -CA /opt/CA/DigitalCA.pem -CAkey /opt/CA/DigitalCA.key -CAcreateserial -out digitalweb.domain.lan.crt -days 825 -sha256 -extfile digitalweb.domain.lan.ext</code></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl x509 -req -in digitalweb.domain.lan.csr -CA /opt/CA/DigitalCA.pem -CAkey /opt/CA/DigitalCA.key -CAcreateserial -out digitalweb.domain.lan.crt -days 825 -sha256 -extfile digitalweb.domain.lan.ext</code></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"><p><!-- Info for Apple users</del>: If you create this certificate for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{| style="border</ins>:<ins style="font-weight: bold; text-decoration: none;">1px solid black"</ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">| </ins>If you create this certificate for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates. <del style="font-weight: bold; text-decoration: none;">--></p></del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">|}</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password your CA you will have following files:</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password your CA you will have following files:</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td></tr>
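Review bot: The boxed note calls this a restriction on "self-signed certificates", but the command above issues the certificate with -CA /opt/CA/DigitalCA.pem and -CAkey /opt/CA/DigitalCA.key, so it is signed by the local CA rather than self-signed. Suggest wording such as "certificates issued by your own CA", and join "If you create this certificate for Apple devices. Do not exceed 825 days" into one sentence.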
<!-- diff cache key discorddigital_mediawiki_1:diff::1.12:old-47:rev-48 -->
</table>
Discorddigital

https://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=47&oldid=prev
Discorddigital at 11:27, 28 February 2021
2021-02-28T11:27:32Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 11:27, 28 February 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l23">Line 23:</td>
<td colspan="2" class="diff-lineno">Line 23:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h3>Generating the root certificate file</h3></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h3>Generating the root certificate file</h3></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl req -x509 -new -nodes -key DigitalCA.key -sha256 -days 1825 -out DigitalCA.pem</code></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl req -x509 -new -nodes -key DigitalCA.key -sha256 -days 1825 -out DigitalCA.pem</code></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">{| style="border</del>:<del style="font-weight: bold; text-decoration: none;">1px solid black"</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">| </del>If you create this CA for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"><!-- Info for Apple users</ins>: If you create this CA for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">|}</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates. <ins style="font-weight: bold; text-decoration: none;">--></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>During the creation you will be asked to enter the password you entered earlier.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>During the creation you will be asked to enter the password you entered earlier.</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>When asked for the Common Name I suggest you enter something you will recognize, such as DigitalCA in this case.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>When asked for the Common Name I suggest you enter something you will recognize, such as DigitalCA in this case.</p></div></td></tr>
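Review bot: Wrapping the Apple note in an HTML comment hides it from readers while the command above still uses -days 1825, and the revision has an empty edit summary, so the reason is not recorded. If the warning is wrong, delete it and say so in the summary; if it is right, leave it visible. The replacement also leaves two whitespace-only lines where the table markup used to be.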
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l53">Line 53:</td>
<td colspan="2" class="diff-lineno">Line 53:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Save the file and create the certificate with following command:</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Save the file and create the certificate with following command:</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl x509 -req -in digitalweb.domain.lan.csr -CA /opt/CA/DigitalCA.pem -CAkey /opt/CA/DigitalCA.key -CAcreateserial -out digitalweb.domain.lan.crt -days 825 -sha256 -extfile digitalweb.domain.lan.ext</code></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><code>openssl x509 -req -in digitalweb.domain.lan.csr -CA /opt/CA/DigitalCA.pem -CAkey /opt/CA/DigitalCA.key -CAcreateserial -out digitalweb.domain.lan.crt -days 825 -sha256 -extfile digitalweb.domain.lan.ext</code></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">{| style="border</del>:<del style="font-weight: bold; text-decoration: none;">1px solid black"</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"><p><!-- Info for Apple users</ins>: If you create this certificate for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">| </del>If you create this certificate for Apple devices. Do not exceed 825 days, otherwise the certificate will be invalid.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This is a restriction Apple specifically made for their devices on self-signed certificates. <ins style="font-weight: bold; text-decoration: none;">--></p></ins></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">|}</del></div></td><td colspan="2"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password your CA you will have following files:</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>After entering the password your CA you will have following files:</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*/opt/DigitalWeb/digitalweb.domain.lan.crt</div></td></tr>
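Review bot: In this hunk the comment is opened after a paragraph tag and the paragraph is closed after the comment ends, so hiding the note leaves an empty paragraph element after the signing command. It also removes the only explanation of why that command uses -days 825. If the note has to go, drop the paragraph wrapper with it and keep a one-line reason for the 825 value.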
<!-- diff cache key discorddigital_mediawiki_1:diff::1.12:old-20:rev-47 -->
</table>
Discorddigital

https://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=20&oldid=prev
Pixl: Added Let's Encrypt link
2021-02-27T20:00:41Z
<p>Added Let's Encrypt link</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 20:00, 27 February 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>This guide will show you how to create your own local certificate authority and how to create and sign certificates with it.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>This guide will show you how to create your own local certificate authority and how to create and sign certificates with it.</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>You can use this for local web development, or for anything that requires a self-signed certificate.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>You can use this for local web development, or for anything that requires a self-signed certificate.</p></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><p>For external websites that are available through the internet I recommend using Let’s Encrypt which is free.</p></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><p>For external websites that are available through the internet I recommend using <ins style="font-weight: bold; text-decoration: none;">[https://letsencrypt.org/ </ins>Let’s Encrypt<ins style="font-weight: bold; text-decoration: none;">] </ins>which is free.</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h2>Prerequisites</h2></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><h2>Prerequisites</h2></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Before you can start you need to fulfill following conditions to make this guide work:</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Before you can start you need to fulfill following conditions to make this guide work:</p></div></td></tr>
</table>Pixlhttps://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=10&oldid=prevDiscorddigital at 18:35, 27 February 20212021-02-27T18:35:28Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 18:35, 27 February 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l79">Line 79:</td>
<td colspan="2" class="diff-lineno">Line 79:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Then we search on top of the page for: "enterprise_root", we can set the option to <b>True</b> by double clicking it.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Then we search on top of the page for: "enterprise_root", we can set the option to <b>True</b> by double clicking it.</p></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Firefox will now check against any certificate authorities you imported on your operating system.</p></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><p>Firefox will now check against any certificate authorities you imported on your operating system.</p></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:cryptography]]</ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:certificates]]</ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Web development]]</ins></div></td></tr>
</table>Discorddigitalhttps://wiki.discord.digital/index.php?title=How_to_become_a_local_TLS_certificate_authority&diff=8&oldid=prevDiscorddigital: Created page with "<h2>Prologue</h2> <p>This guide will show you how to create your own local certificate authority and how to create and sign certificates with it.</p> <p>You can use this for l..."2021-02-27T18:28:07Z<p>Created page with "<h2>Prologue</h2> <p>This guide will show you how to create your own local certificate authority and how to create and sign certificates with it.</p> <p>You can use this for l..."</p>
<p><b>New page</b></p><div><h2>Prologue</h2><br />
<p>This guide will show you how to create your own local certificate authority and how to create and sign certificates with it.</p><br />
<p>You can use this for local web development, or for anything that requires a self-signed certificate.</p><br />
<p>For external websites that are available through the internet I recommend using Let’s Encrypt which is free.</p><br />
<h2>Prerequisites</h2><br />
<p>Before you can start you need to fulfill the following conditions to make this guide work:</p><br />
#Have a Linux system with openssl installed.<br />
#Be administrator or have root privileges on the systems you want to install the certificate on.<br />
#Know basic Linux commands and have a rough understanding of how CA certificates work.<br />
<br />
<h2>Creating the certificate authority</h2><br />
<h3>Generating the CA key file</h3><br />
<p>At this point we need to give our certificate authority a name.<br><br />
I decided to name it "DigitalCA".</p><br />
<p>We create a folder to put our CA files in:</p><br />
<code>sudo mkdir -p /opt/CA/</code><br />
<p>Change the directory to the newly created folder:</p><br />
<code>cd /opt/CA/</code><br />
<p>Then we create our certificate key file:</p><br />
<code>openssl genrsa -des3 -out DigitalCA.key 2048</code><br />
<p>You will be prompted to enter a password. <br><br />
Do not skip this step; the password will be used every time you sign a certificate.</p><br />
<h3>Generating the root certificate file</h3><br />
<code>openssl req -x509 -new -nodes -key DigitalCA.key -sha256 -days 1825 -out DigitalCA.pem</code><br />
{| style="border:1px solid black"<br />
| If you create this CA for Apple devices, do not exceed 825 days, otherwise the certificate will be invalid.<br />
This is a restriction Apple specifically made for their devices on self-signed certificates.<br />
|}<br />
<p>During the creation you will be asked to enter the password you entered earlier.</p><br />
<p>When asked for the Common Name I suggest you enter something you will recognize, such as DigitalCA in this case.</p><br />
<p>At this point you're done. Make sure to remember the password and back up these files safely.</p><br />
<h2>Creating a certificate for a local website</h2><br />
<p>First we define a folder to put our files in. <br><br />
In this case I chose "/opt/DigitalWeb", as the DNS name will be digitalweb.domain.lan</p><br />
<code>sudo mkdir -p /opt/DigitalWeb</code><br />
<p>Then we navigate into our folder.</p><br />
<code>cd /opt/DigitalWeb</code><br />
<p>We create the key file for our DigitalWeb website:</p><br />
<code>openssl genrsa -out digitalweb.domain.lan.key 2048</code><br />
<p>Next we create the CSR file, which we will later sign with our CA.</p><br />
<code>openssl req -new -key digitalweb.domain.lan.key -out digitalweb.domain.lan.csr</code><br />
<p>You will be asked a lot of questions. Make sure when it asks for Common Name to enter the server FQDN. In this case: digitalweb.domain.lan</p><br />
<p>We create a new file named: digitalweb.domain.lan.ext</p><br />
<p>Paste in the following text and adjust it to your needs.<br><br />
You can add more DNS names at the bottom.</p><br />
<pre>authorityKeyIdentifier=keyid,issuer<br />
basicConstraints=CA:FALSE<br />
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment<br />
subjectAltName = @alt_names<br />
<br />
[alt_names]<br />
DNS.1 = digitalweb.domain.lan</pre><br />
<p>Save the file and create the certificate with the following command:</p><br />
<code>openssl x509 -req -in digitalweb.domain.lan.csr -CA /opt/CA/DigitalCA.pem -CAkey /opt/CA/DigitalCA.key -CAcreateserial -out digitalweb.domain.lan.crt -days 825 -sha256 -extfile digitalweb.domain.lan.ext</code><br />
{| style="border:1px solid black"<br />
| If you create this certificate for Apple devices, do not exceed 825 days, otherwise the certificate will be invalid.<br />
This is a restriction Apple specifically made for their devices on self-signed certificates.<br />
|}<br />
<p>After entering the password of your CA you will have the following files:</p><br />
*/opt/DigitalWeb/digitalweb.domain.lan.crt<br />
*/opt/DigitalWeb/digitalweb.domain.lan.ext<br />
*/opt/DigitalWeb/digitalweb.domain.lan.csr<br />
*/opt/DigitalWeb/digitalweb.domain.lan.key<br />
<p>You can now use the crt and key files with any web server to serve the page with that certificate.</p><br />
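<p>The CA and certificate steps above, run non-interactively in a scratch directory and followed by four checks on the result: chain, SAN entry, key match and remaining validity. This is an added example, not part of the original guide; DemoCA, the demo passphrase, the -aes256 cipher and all function names are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the guide. DemoCA, the passphrase and all function
# names are constructed for this demo.

make_demo_pki() {  # $1 = empty scratch dir; the guide's steps, non-interactive
  d=$1
  # -aes256 is used here in place of the guide's -des3
  openssl genrsa -aes256 -passout pass:demo-only -out "$d/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/ca.key" -passin pass:demo-only -sha256 \
    -days 1825 -subj "/CN=DemoCA" -out "$d/ca.pem"
  openssl genrsa -out "$d/leaf.key" 2048 2>/dev/null
  openssl req -new -key "$d/leaf.key" -subj "/CN=digitalweb.domain.lan" \
    -out "$d/leaf.csr"
  printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '' '[alt_names]' \
    'DNS.1 = digitalweb.domain.lan' > "$d/leaf.ext"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -passin pass:demo-only -CAcreateserial -out "$d/leaf.crt" -days 825 \
    -sha256 -extfile "$d/leaf.ext" 2>/dev/null
}

# The certificate ($2) chains to the CA certificate ($1).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# The hostname ($2) is an exact dNSName entry in the certificate's SAN list.
has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# The private key ($2) belongs to the certificate ($1): same public key.
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Not expired yet, and expiring within $2 days from now (-checkend exits 1 then).
expires_within_days() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

audit_leaf() {  # $1=CA cert  $2=server cert  $3=server key  $4=hostname
  chain_ok "$1" "$2"           || { echo "FAIL: chain";    return 1; }
  has_san "$2" "$4"            || { echo "FAIL: SAN";      return 1; }
  key_matches "$2" "$3"        || { echo "FAIL: key";      return 1; }
  expires_within_days "$2" 825 || { echo "FAIL: validity"; return 1; }
  echo "OK: $4"
}
```

<p>Against the guide's own files the call would be <code>audit_leaf /opt/CA/DigitalCA.pem /opt/DigitalWeb/digitalweb.domain.lan.crt /opt/DigitalWeb/digitalweb.domain.lan.key digitalweb.domain.lan</code>; the validity check measures time remaining from now, which equals the issued lifetime only for a freshly signed certificate.</p>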
<p>Keep in mind that for the certificate to be accepted as valid, the device needs to have the CA installed.<br><br />
In the next step we will import our CA certificate on a Windows computer; this also works on phones, tablets and Linux.</p><br />
<h2>Importing the CA certificate on Windows</h2><br />
<p>We open the settings for "computer certificates"; we can find them by searching in Windows.</p><br />
<p>Then we right click "Trusted Root Certification Authorities" and go to "All Tasks" and "Import".</p><br />
<p>The window you're looking for looks like this:</p><br />
[[File:Windows_computer_certificate_import.png]]<br />
<p>In this case we import the file <b>DigitalCA.pem</b></p><br />
<p>After it has been imported, it will work out of the box on all browsers except Firefox.</p><br />
<p>For Firefox follow the next step in this guide.</p><br />
<h3>Configuring Firefox to allow certificate authorities from the computer</h3><br />
<p>In the URL bar of Firefox we type in:</p><br />
<code>about:config</code><br />
<p>We will be prompted with a security warning, which we confirm with "Accept the risk and continue".<br><br />
Then we search at the top of the page for "enterprise_root" and set the option to <b>True</b> by double-clicking it.</p><br />
<p>Firefox will now check against any certificate authorities you imported on your operating system.</p></div>Discorddigital