avatarCreating custom TLS certs 🏔️

There are many modern ways (Caddy, certbot) of acquiring yourself a nice TLS/SSL certificate for your services, all issued by titans such as Let’s Encrypt and ZeroSSL. Boom, you get a certificate that can be recognized and verified during a handshake by almost any user, browser, an operating system. However, what do you do if you want to try and create your own trust chain and/or need to use the encryption schemes in an isolated network/environment?

I have always found openssl command with its million utilities to be awful. At the very least, I could never remember off top of my head how to use it and what flags to pass whenever I want to self-sign or create a chain. So for that, I created a couple of scripts, which will make you your very own Certificate Authority (self-signed), server certificates (with SAN extensions), and client certificates.

I use it for my dev infrastructure, like redis.sandyuraz.com, which requires a two-way TLS handshake (both the server’s and client’s certificate needs to be vetted by the CA, which is just me). This can give you a better control over your system, however, it does pose additional challenges such as renewals, creating intermediate CAs, etc. But you will figure it out if needed, won’t you?

-> certificates github repository with scripts and configs