--
-- NOTE: When openssl prompts for the Common Name (FQDN), answer 'localhost'
-- (or the host's proper FQDN).
-- Otherwise, socket.io will reject the connection.
--
Option 1:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Option 2:
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem
Option 3: With Certificate Authorities
Gen Root CA Key
openssl genrsa -out root-ca.key 4096 -nodes
Gen Root CA Certificate (self-signed)
openssl req -x509 -new -nodes -key root-ca.key -sha256 -days 1024 -out root-ca.crt
Gen Server Certificate Key
openssl genrsa -out server.key 2048 -nodes
Gen Server CSR (signing request)
openssl req -new -key server.key -out server.csr
(optional) Verify CSR Content
openssl req -in server.csr -noout -text
Sign the Server CSR to make Server Certificate
openssl x509 -req -in server.csr -CA root-ca.crt -CAkey root-ca.key -CAcreateserial -out server.crt -days 365 -sha256
Verify Server Certificate Content
openssl x509 -in server.crt -text -noout
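Note: Using -nodes ("no DES") tells openssl req to write the private key unencrypted, so the key file has no passphrase protection; keep such key files readable only by their owner (e.g. chmod 600). openssl genrsa already writes an unencrypted key unless a cipher option such as -aes256 is given and has no -nodes option, so the trailing -nodes on the genrsa commands above is unnecessary and newer OpenSSL releases may reject it as an extra argument.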