Create your own trusted SSL (TLS) certificates for intranet websites. Create and add additional SSL certificates without needing to update all web browsers in the organization. Structure the SSL certificate chains to mimic public internet websites so your private intranet can reliably be used for development and testing of internet websites.
Create a root CA one time and install it on all the machines on your network. After that task is complete, you can issue multiple SSL certificates that will automatically be trusted by all the web browsers on your network. This project and the accompanying gists will provide all the information you need to create and install trusted certificates.
openssl: Version 3.2.2 or later. You can download openssl from OpenSSL Foundation if it's not already present on your machine. The included bash shell scripts are for Linux, but the openssl commands they contain will be the same for Windows.
Edit the four lines at the top of create-certificate-chain.sh to suit your situation. Set executable permissions on the file and run it. The script will create three SSL certificates: root, intermediate, and enduser. It will create three password-protected private key files. It will create a pem file containing a copy of your root certificate.
- create-certificate-chain.sh: Bash shell script to create the certificate chain
- create-enduser-certificate.sh: Bash shell script to create additional certificates
- rootCA.ext: X.509 Extensions required for a root certificate
- intermediate.ext: X.509 Extensions that allow a cert to sign other certs
- enduser.ext: Recommended X.509 extensions for a server certificate
- Notes.txt: The notes used to create this project
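
A way to check the three-tier structure described above, as an added example that is not one of the project's scripts: it builds a throwaway root, intermediate and enduser chain in a temporary directory and confirms with `openssl verify` that the enduser certificate is accepted only when the intermediate is supplied. The file names, subject names and extension values are assumptions for illustration, and the keys are unencrypted throwaways, unlike the password-protected keys the script creates.

```bash
#!/usr/bin/env bash
# Added example, not one of the project's scripts. File names, subjects and
# extension values are assumptions; keys are unencrypted throwaways.
set -eu

# make_cert NAME SUBJECT ISSUER EXT_LINE...   (ISSUER "self" = self-signed root)
make_cert() {
  name=$1 subj=$2 issuer=$3; shift 3
  printf '%s\n' "$@" > "$name.ext"            # one X.509 extension per line
  openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
    -out "$name.csr" -subj "$subj" 2>/dev/null
  if [ "$issuer" = self ]; then
    openssl x509 -req -in "$name.csr" -signkey "$name.key" \
      -extfile "$name.ext" -days 30 -out "$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$name.csr" -CA "$issuer.crt" -CAkey "$issuer.key" \
      -CAcreateserial -extfile "$name.ext" -days 30 -out "$name.crt" 2>/dev/null
  fi
}

# build_chain DIR: root signs intermediate, intermediate signs enduser.
build_chain() {
  ( cd "$1"
    make_cert root "/CN=Demo Root CA" self \
      'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign'
    make_cert intermediate "/CN=Demo Intermediate CA" root \
      'basicConstraints=critical,CA:TRUE,pathlen:0' 'keyUsage=critical,keyCertSign,cRLSign'
    make_cert enduser "/CN=intranet.example.test" intermediate \
      'basicConstraints=CA:FALSE' 'keyUsage=critical,digitalSignature,keyEncipherment' \
      'extendedKeyUsage=serverAuth' 'subjectAltName=DNS:intranet.example.test' )
}

# Trust anchor is the root only; the intermediate is supplied as untrusted input.
chain_ok()       { ( cd "$1" && openssl verify -CAfile root.crt -untrusted intermediate.crt enduser.crt >/dev/null 2>&1 ); }
# Same check without the intermediate: this must fail.
leaf_alone_ok()  { ( cd "$1" && openssl verify -CAfile root.crt enduser.crt >/dev/null 2>&1 ); }
# The server certificate must not be usable as a CA.
leaf_is_not_ca() { openssl x509 -in "$1/enduser.crt" -noout -text | grep -q 'CA:FALSE'; }

demo() {
  dir=$(mktemp -d)
  build_chain "$dir"
  chain_ok "$dir"       && echo "enduser verifies through intermediate to root"
  leaf_alone_ok "$dir"  || echo "enduser alone is rejected: the server must send the intermediate"
  leaf_is_not_ca "$dir" && echo "enduser certificate is marked CA:FALSE"
  rm -rf "$dir"
}
demo
```

The rejected case is the one to watch for on a real intranet server: clients that only have the root installed need the server to present the intermediate certificate along with its own.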