cert-gen
cert-gen copied to clipboard
Published
20 hours ago •
devilbox
devilbox
Generate CA and self-signed SSL certificates usable in your browser for local development.
cert-gen
Easily create your own CA and self-signed certificates.
The generated CA can be imported into Chrome, Firefox or Internet Explorer for local development. All subsequent created certificates will then be valid SSL certificates to each browser.
Table of Contents
-
Available Tools
- Tools
- Requirements
- Installation
-
Create Certificate Authoriy
- Usage: ca-gen
- Execute: ca-gen
- Example: CA
-
Create SSL Certificate
- Usage: cert-gen
- Execute: cert-gen
- Example: SSL certificate
- Import CA into Chrome
- License
Available Tools
Tools
| Tools | Description |
|---|---|
| ca-gen | Creates a certificate authority |
| cert-gen | Creates SSL certificates signed by a certificate authority |
Requirements
-
openssl -
bash
Installation
$ sudo make install
Create Certificate Authority
Usage: ca-gen
The following shows the general usage for ca-gen:
USAGE: ca-gen -n CN [-kdcslouev] <keyfile> <crtfile>
ca-gen --help
ca-gen --version
Required arguments
-n CN Common Name
Optional arguments
-k int Key size in bits
-d int Validity in days
-c C Subject two letter country name (C)
-s ST Subject state name (ST)
-l L Subject location (L)
-o O Subject organization (O)
-u OU Subject organizational unit (OU)
-e Email Subject email (emailAddress)
-v Verbose output
Required parameter
<keyfile> Path to output key file
<crtfile> Path to output cert file
Execute: ca-gen
The following command shows how the CA is generated for the Devilbox:
$ ca-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n devilbox.org \
-e [email protected] devilbox-rootCA.key devilbox-rootCA.crt
Example: CA
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:4a:c5:d2:87:cc:df:bd:f3:85:c7:9c:76:2e:52:d6:06:64:a5:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, ST = Berlin, L = Berlin, O = Devilbox, OU = Devilbox, CN = devilbox.org, emailAddress = [email protected], dnQualifier = "1R15BhvvsVfYNh+QeB/77jYmCQE="
Validity
Not Before: Nov 30 20:48:19 2019 GMT
Not After : Nov 27 20:48:19 2029 GMT
Subject: C = DE, ST = Berlin, L = Berlin, O = Devilbox, OU = Devilbox, CN = devilbox.org, emailAddress = [email protected], dnQualifier = "1R15BhvvsVfYNh+QeB/77jYmCQE="
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ec:70:20:32:85:db:a9:cc:b7:87:08:f8:10:
f8:2f:57:4d:3d:ca:f3:97:1a:b6:a2:20:9f:d8:a3:
8b:15:4e:6e:92:5e:28:d6:c7:8b:de:da:9c:98:2f:
23:c8:4e:ae:be:58:ec:14:a5:0d:76:4f:2c:bb:e2:
22:93:d7:0e:d9:d4:5d:54:25:93:65:11:d7:fd:59:
63:95:a5:85:98:da:20:4f:bc:d3:aa:d2:ca:d8:e6:
19:de:9e:ca:da:a0:4f:b6:2d:93:6e:81:c0:b9:34:
06:25:fd:62:75:83:96:42:12:46:93:53:01:04:17:
53:18:e3:81:5e:26:20:3d:85:6d:a4:8b:93:ed:9e:
2a:47:21:6e:54:5b:0c:11:de:a5:fd:eb:d6:37:d9:
b0:49:72:8d:97:68:53:ef:27:69:78:b5:05:75:8a:
8c:ad:a5:a1:e4:ab:04:88:42:b4:a4:d7:a8:91:99:
e3:f5:32:85:55:df:ec:1f:86:83:03:0e:5b:21:16:
17:bd:c7:71:7c:a3:8f:4b:e3:8d:ad:cc:0c:d9:6a:
93:1e:3a:2c:4f:ee:1e:07:90:d3:46:f4:58:2a:f9:
d0:41:68:c4:1d:30:2b:ab:3e:f4:4f:55:ba:37:0c:
6f:1e:9c:30:d8:81:7e:a1:4e:bc:ae:8a:b2:e7:53:
a3:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
D5:1D:79:06:1B:EF:B1:57:D8:36:1F:90:78:1F:FB:EE:36:26:09:01
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Authority Key Identifier:
keyid:D5:1D:79:06:1B:EF:B1:57:D8:36:1F:90:78:1F:FB:EE:36:26:09:01
DirName:/C=DE/ST=Berlin/L=Berlin/O=Devilbox/OU=Devilbox/CN=devilbox.org/[email protected]/dnQualifier=1R15BhvvsVfYNh+QeB/77jYmCQE=
serial:43:4A:C5:D2:87:CC:DF:BD:F3:85:C7:9C:76:2E:52:D6:06:64:A5:83
Signature Algorithm: sha256WithRSAEncryption
7b:6f:4c:56:ae:ef:76:f2:22:69:92:11:09:dd:67:85:5c:61:
a7:cb:3a:0b:6e:af:38:e5:72:33:c1:90:ae:31:2d:e6:74:93:
d3:7d:1e:e0:39:8d:d9:71:4a:bf:04:ba:07:37:99:92:ed:db:
cc:17:fc:f2:04:de:8b:ae:d1:2c:bc:84:fc:7a:c7:95:0a:4f:
44:00:88:11:2f:ce:b0:a8:c2:18:2c:86:5a:26:6d:a5:5e:fd:
41:33:52:c1:12:87:26:d2:9b:d4:87:70:58:d0:22:25:f1:47:
42:57:ca:68:b7:93:3e:0b:ee:9e:e7:24:36:de:a6:5c:eb:cf:
cb:a2:db:5d:d0:d4:35:b3:48:18:f2:96:8b:10:60:af:b8:5d:
22:ef:19:ed:a7:c9:7e:f5:b9:f8:ca:27:9a:f6:11:bf:b3:36:
12:35:99:f0:39:dd:5a:d2:f2:d6:48:b2:bf:59:8c:3d:ea:a2:
cf:56:7c:84:95:1c:1c:51:36:4c:5c:1a:d3:20:ed:5c:18:f7:
e5:4a:66:b7:5c:0d:a1:07:a6:d8:7f:4c:5a:b5:c2:fe:3d:d6:
49:fb:a6:3d:ed:e3:bc:47:3b:22:43:e8:91:31:dd:cd:9b:c2:
ad:d8:6b:01:ed:67:0f:c4:c0:c6:07:40:8b:50:a2:69:18:05:
3e:3e:85:09
Create SSL Certificate
Usage: cert-gen
The following shows the general usage for cert-gen:
USAGE: cert-gen -n CN [-kdcsloueav] <ca-key> <ca-crt> <key> <csr> <crt>
cert-gen --help
cert-gen --version
Required arguments
-n CN Common Name
Optional arguments
-k int Key size in bits
-d int Validity in days
-c C Subject two letter country name (C)
-s ST Subject state name (ST)
-l L Subject location (L)
-o O Subject organization (O)
-u OU Subject organizational unit (OU)
-e Email Subject email (emailAddress)
-a names Comma separated list of alt names (subjectAltName)
-i ips Comma separated list of alt ip addresses (subjectAltName)
-v Verbose output
Required parameter
<ca-key> Path to existing CA key file
<ca-crt> Path to existing CA crt file
<key> Path to output certificate key file
<csr> Path to output certificate csr file
<crt> Path to output certificate crt file
Execute: cert-gen
The following command shows how SSL certificates are generated for the Devilbox:
$ cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox \
-n project.loc -e [email protected] \
-a '*.project.loc,*.www.project.loc' \
devilbox-rootCA.key \
devilbox-rootCA.crt \
project.loc.key \
project.loc.csr \
project.loc.crt
Example: SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:70:c7:1f:31:f2:8c:69:03:5d:6e:5a:d6:5d:44:97:47:e1:b9:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, ST = Berlin, L = Berlin, O = Devilbox, OU = Devilbox, CN = devilbox.org, emailAddress = [email protected], dnQualifier = "1R15BhvvsVfYNh+QeB/77jYmCQE="
Validity
Not Before: Nov 30 20:50:11 2019 GMT
Not After : Mar 4 20:50:11 2022 GMT
Subject: C = DE, ST = Berlin, L = Berlin, O = Devilbox, OU = Devilbox, CN = project.loc, emailAddress = [email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:a7:0b:41:cd:5a:00:66:6f:94:15:3b:e5:f1:
18:84:38:48:3e:6b:7f:0a:c3:4e:51:58:0b:c9:f5:
85:86:ff:61:69:ea:b8:11:5a:b9:9f:97:c5:22:2a:
d1:f6:91:21:6e:01:ab:46:01:8c:4b:80:ba:74:a7:
ce:5f:5b:a1:ac:a3:e6:0f:ce:19:1c:ae:68:a3:60:
f9:f9:82:c1:ea:d3:eb:e5:84:1d:0c:9c:4d:94:82:
d2:ef:3d:89:ab:0e:15:01:c3:22:8e:cd:7a:49:ae:
37:9c:39:9d:40:d1:19:8d:13:3a:a6:36:e4:71:1a:
8a:10:b3:ca:b1:b2:a0:a0:e5:5d:ff:39:f9:7b:70:
85:01:bd:8f:3b:ce:92:ae:c9:6d:9c:f9:6f:99:5a:
e9:da:bb:28:95:01:9c:40:92:23:f0:1f:68:a3:a7:
d5:fc:ac:44:9a:95:63:bd:5b:6e:bd:c2:19:0e:56:
ab:47:40:57:90:74:d9:25:2e:75:b1:98:b1:82:8e:
f7:4c:b2:42:fb:a5:3c:71:14:8d:55:da:a3:00:8a:
85:ce:45:91:15:8c:35:86:3f:eb:9f:d7:68:15:bf:
24:e7:96:49:90:d4:69:71:20:89:c0:c0:c2:cd:63:
d0:66:38:1e:f6:60:d3:24:64:63:36:c0:19:51:23:
23:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
64:AE:B5:56:82:FE:E8:92:BF:9C:E0:F4:27:3D:20:79:21:CA:B4:5D
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Authority Key Identifier:
keyid:D5:1D:79:06:1B:EF:B1:57:D8:36:1F:90:78:1F:FB:EE:36:26:09:01
DirName:/C=DE/ST=Berlin/L=Berlin/O=Devilbox/OU=Devilbox/CN=devilbox.org/[email protected]/dnQualifier=1R15BhvvsVfYNh+QeB/77jYmCQE=
serial:43:4A:C5:D2:87:CC:DF:BD:F3:85:C7:9C:76:2E:52:D6:06:64:A5:83
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:project.loc, DNS:*.project.loc, DNS:*.www.project.loc
Signature Algorithm: sha256WithRSAEncryption
02:73:0d:df:49:da:d0:19:35:c2:fb:1d:99:81:aa:3a:48:51:
1e:2e:f4:de:50:73:71:17:0c:6d:83:9e:b1:2c:1d:b5:58:c9:
db:f0:a9:9c:db:dc:42:29:37:be:5b:59:4a:04:92:3e:da:5f:
10:97:ff:6e:d3:23:a1:6a:6f:c9:3f:b5:61:87:6b:a7:e8:ab:
72:a2:6e:eb:12:e9:89:71:b8:de:7c:63:62:e0:8e:9a:82:b1:
ae:96:67:8a:20:63:2b:75:18:1a:04:36:ed:1e:8c:b5:16:d2:
d4:77:05:5b:54:ee:d8:c4:25:6d:fb:02:2c:dc:e0:dc:2d:37:
99:71:66:f8:06:24:ff:69:69:50:b1:10:f2:c5:ff:96:28:75:
8a:e3:78:3c:7c:38:a9:1c:20:3e:1f:f5:dc:d3:ec:3b:ae:ac:
f4:14:45:16:aa:3f:db:eb:ae:b8:1d:0d:4a:76:cb:02:eb:c1:
00:e2:42:60:90:18:82:8e:3d:01:6b:1f:78:de:d9:a4:7a:df:
71:1e:aa:7e:7b:87:2c:af:ce:47:5d:be:1f:6a:4c:cd:10:67:
4e:41:c8:ca:90:fe:ac:2d:a1:92:e5:34:ea:da:ed:d9:9e:2d:
ac:38:81:7d:13:5b:0f:cd:e8:a7:99:a0:1f:54:29:10:64:19:
b6:1a:14:ab
Import CA into Chrome
1. Open Chrome settings - scroll down and click Advanced
2. Find and click on Manage certificates
3. In the tab, navigate to AUTHORITIES
4. Select devilbox-ca.crt from within the Devilbox git directory
5. Check all boxes
License
MIT License
devilbox