Jason's Braindump

Self-signed CA(Certificate Authority)

Install the OpenSSL

OpenSSL is a built-in package on macOS, while on Linux distributions, you need to install it manually. Like Ubuntu,

apt install openssl

Use openssl x509 to sign the CA

  1. Generate a new private key and Certificate Signing Request

    mkdir cert && cd cert
    openssl genrsa -out ca.key 2048
    openssl req -new -sha256 -key ca.key -out ca.csr
  2. Generate a self-signed certificate

    openssl x509 -req -sha256 -days 3650 -in ca.csr -signkey ca.key -out ca.crt
  3. Convert a certificate file and a private key to PKCS#12 (.p12)

    openssl pkcs12 -export -clcerts -in ca.crt -inkey ca.key -out ca.p12 -password pass:<password>
  4. Encode PKCS#12 as Base64

    base64 -w 0 ca.p12

Use openssl ca to sign the CA

TODO: placeholder