{"id":13337936,"url":"https://github.com/llekn/openssl-ca","last_synced_at":"2025-03-11T08:31:59.774Z","repository":{"id":70036524,"uuid":"82246803","full_name":"llekn/openssl-ca","owner":"llekn","description":"Shell scripts to manage a private Certificate Authority using OpenSSL","archived":false,"fork":false,"pushed_at":"2017-09-27T03:06:36.000Z","size":23,"stargazers_count":57,"open_issues_count":0,"forks_count":19,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-23T20:11:21.504Z","etag":null,"topics":["certificate-authority","openssl","ssl","ssl-cert","tls","x509"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/llekn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-17T02:09:11.000Z","updated_at":"2024-08-24T11:15:03.000Z","dependencies_parsed_at":"2023-02-23T21:00:21.482Z","dependency_job_id":null,"html_url":"https://github.com/llekn/openssl-ca","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/llekn%2Fopenssl-ca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/llekn%2Fopenssl-ca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/llekn%2Fopenssl-ca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/llekn%2Fopenssl-ca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/llekn","download_url":"https://
codeload.github.com/llekn/openssl-ca/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243000806,"owners_count":20219747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-authority","openssl","ssl","ssl-cert","tls","x509"],"created_at":"2024-07-29T19:15:16.275Z","updated_at":"2025-03-11T08:31:59.763Z","avatar_url":"https://github.com/llekn.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenSSL self-managed Certificate Authority\n\n__Notice:__ If you are looking for a way to use SSL certs on public host addresses, please consider using the [Let's Encrypt](https://letsencrypt.org/) project! It's free, it's automated and is already trusted by common browsers so you won't have to manipulate users' certificate chain of trust. For private addresses (i.e. `myhost`, `myhost.mydomain`, `10.0.0.1`, etc.) Let's Encrypt won't help you so this project could be very useful.\n\n## Description\n\nTired of really-complicated-stuff on the internet about how to create and maintain self-managed certificates?\nMe too! That's why I've created this simple project to:\n\n1. Provide sane defaults (`rsa`/`sha256`/`2048` bits keys) via a config file (`openssl.conf`)\n2. Provide a script (`create_ca_key.sh`) to create your own Certificate Authority to sign certificates\n3. Provide a script (`create_csr.sh`) to create keys and certificate signing requests (CSR) for your apps\n4. Provide a script (`sign_csr.sh`) to sign your CSRs\n5. 
Provide a script (`create_crt.sh`) to perform (3) and (4) in one step.\n\n## Getting started\n\n1. __Clone this repo__\n2. __Run `create_ca_key.sh`__ to create your root CA certificate and private key. The root CA certificate will be stored in the `./CA` folder as `ca.crt` and the private key will be stored in `./CA/private/ca.key`. You should call this script only once, as it will overwrite any existing CA key and CA certificate already present in the repo.\n3. __Create and sign as many certificates as you want__, using `create_crt.sh \u003capp_name\u003e`. The key, CSR and certificate generated will be stored as `./out/\u003capp_name\u003e.\u003ckey|csr|crt\u003e`.\n4. __Ready!__ You can use your app-specific keys and certificates on your apps. If you want to trust these certificates you should add `./CA/ca.crt` to your local storage of trusted certificates (on Ubuntu this can be done by copying the file to `/usr/local/share/ca-certificates/` and running `update-ca-certificates`). The nice thing is that what you are really doing is building your own chain of trust, managed by you.\n\n__Warning__: Adding `ca.crt` to your list of trusted CAs means that your PC will trust any certificate signed by `./CA/private/ca.key`. This could be used to impersonate any website on PCs that trust this cert so __keep this key private!!__ (Ideally offline)\n\n## Being your own CA\n\nThe `openssl.conf` file manages various defaults for cert creation. I tried to not include insane parameters but you should really look at them to check if those match your definition of sanity.\n\nIt is also possible to uncomment the Defaults (under the `req_distinguished_name` section) if you want to save some keystrokes by pre-completing some boring cert fields.\n\n## References:\n1. [SSL certs in debian-administration](http://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian)\n2. 
[Installing a SSL cert on Ubuntu](http://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate)\n3. [OpenSSL sample minimal CA app](https://www.openssl.org/docs/apps/ca.html)\n4. [OpenSSL Certificate Authority](https://jamielinux.com/docs/openssl-certificate-authority/introduction.html)\n5. [How to setup your own CA with OpenSSL](https://gist.github.com/Soarez/9688998)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fllekn%2Fopenssl-ca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fllekn%2Fopenssl-ca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fllekn%2Fopenssl-ca/lists"}