Self-signed CA(Certificate Authority)

Install the OpenSSL

OpenSSL is a built-in package on macOS, while on Linux distributions, you need to install it manually. Like Ubuntu,

apt install openssl

Use openssl x509 to sign the CA

1. Generate a new private key and Certificate Signing Request

   mkdir cert && cd cert
   openssl genrsa -out ca.key 2048
   openssl req -new -sha256 -key ca.key -out ca.csr
   

2. Generate a self-signed certificate

   openssl x509 -req -sha256 -days 3650 -in ca.csr -signkey ca.key -out ca.crt
   

3. Convert a certificate file and a private key to PKCS#12 (.p12)

   openssl pkcs12 -export -clcerts -in ca.crt -inkey ca.key -out ca.p12 -password pass:<password>
   

4. Encode PKCS#12 as Base64

   base64 -w 0 ca.p12
   

Use openssl ca to sign the CA

TODO: placeholder

Reference

• 为 Surge 自签发 CA 根证书
• The Most Common OpenSSL Commands