Do you know the following problem?
“I need some certificates for my lab devices to test something”.
But as always, the old lab CA is broken and I have no time to hassle with a new full-blown CA. I just need a few (not self-signed) certificates, and quickly, of course ;).
So here is the shortest recipe I know:
1. Open Alpine in Docker
Run this from the folder where you want your new certificates to land:
docker run --rm -it -v "$PWD":/root alpine
It will run a small Linux container, open a shell, map the current folder to the container’s /root, and clean up after exiting.
2. Generate CA certificate
# install openssl
apk update && apk add openssl
cd /root
# CA private key
openssl genrsa -out ca.key 2048
# CA certificate (self-signed)
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
-subj "/C=SK/O=LabCA/CN=LabRootCA" \
-out ca.crt
- It installs the openssl package.
- It creates the file ca.key containing the CA’s private key.
- It creates the file ca.crt containing the CA certificate.
3. Generate identity certificate
For a router, in my case:
# router private key
openssl genrsa -out router.key 2048
# router CSR
openssl req -new -key router.key \
-subj "/C=SK/O=LabCA/CN=router.lab" \
-out router.csr
# Sign CSR with CA
openssl x509 -req -in router.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out router.crt -days 365 -sha256
- It creates the file router.key with the private key for the identity certificate of your host.
- It creates the file router.csr with the CSR for the router.
- It signs the CSR and creates the file router.crt.
You can adjust any parameters as you need.
You can change ‘router’ to any name and create additional certificates if you wish.
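An added example, not part of the original recipe: the certificate signed in step 3 carries no subjectAltName, which most current TLS clients require for hostname matching. The function below re-signs the same CSR with a SAN and leaf-certificate extensions, then checks the result against ca.crt; the function name issue_with_san and the file name san.ext are assumptions made for this example.

```shell
#!/bin/sh
# issue_with_san NAME [DNS_NAME]   (hypothetical helper, not from the original post)
# Expects ca.crt, ca.key and NAME.csr in the current directory, as produced
# by steps 2 and 3 of the recipe. DNS_NAME defaults to NAME.lab.
issue_with_san() {
    name="$1"
    dns="${2:-$name.lab}"

    # Extensions for a TLS server leaf certificate.
    cat > san.ext <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$dns
EOF

    # Same signing command as in step 3, plus the extension file.
    openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out "$name.crt" -days 365 -sha256 \
        -extfile san.ext || return 1

    # The chain must validate against the lab CA ...
    openssl verify -CAfile ca.crt "$name.crt" >/dev/null || return 1

    # ... and the SAN must actually be present in the issued certificate.
    openssl x509 -in "$name.crt" -noout -text | grep -q "DNS:$dns"
}
```

Inside the container, after step 3, call it as `issue_with_san router router.lab`; a non-zero exit status means signing, chain verification or the SAN check failed.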
Conclusion
And that is all. You can find certificates and keys in your working folder now. If nobody else cares, at least this short post serves as a good memo for me ;)