From ab52b8d037c360cc3875064a7381203ec1891f32 Mon Sep 17 00:00:00 2001 From: docgalaxyblock Date: Sun, 10 Mar 2024 21:55:12 +0100 Subject: [PATCH] Updated Private CA and self signed certs that work with Chrome (markdown) --- ...e-CA-and-self-signed-certs-that-work-with-Chrome.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md index a8a2155..b74392b 100644 --- a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md +++ b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md @@ -14,15 +14,13 @@ Create a CA key (your own little on-premise Certificate Authority): ``` openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048 ``` - -Note: instead of `-aes128` you could also use the older `-des3`. +> Instead of `-aes128` you could also use the older `-des3`. Create a CA certificate: ``` openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt ``` - -Note: the `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server. +> The `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server. Create a bitwarden key: ``` 
@@ -55,9 +53,9 @@ Create the bitwarden certificate, signed from the root CA: ``` openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext ``` -Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176 +> Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176 -Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app. +> Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app. Add the root certificate and the bitwarden certificate to client computers.
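Review bot: In the first hunk (`@@ -14,15 +14,13 @@`), the `-nodes` note is attached to `openssl req -x509 -new -nodes ... -key private-ca.key`, where it does not do what the note says. `-nodes` only affects a key that `req` generates itself. Here the key already exists and was encrypted by `-aes128` in the `genpkey` step above, so the CA key stays pass-phrase protected and `req` will prompt for it. The "every time you start/restart the server" wording also describes a server key, not the CA key. Since this change already rewrites the note, I suggest either dropping `-nodes` and the note from the CA step, or moving the note to the step that creates the bitwarden key. Style point: these two blockquotes drop the `Note:` prefix while the ones in the second hunk keep it as `> Note:`, so pick one form.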
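Review bot: In the second hunk (`@@ -55,9 +53,9 @@`), the Android 11 note says `basicConstraints` must be `CA:TRUE` but does not say for which certificate, and it sits directly under the command that signs `bitwarden.crt`. A reader could put `CA:TRUE` into `bitwarden.ext`, which would turn the server certificate into one that can sign other certificates. Please state that this applies to the root certificate (`self-signed-ca-cert.crt`) that is imported on the device. In the Apple note, "expiry > 825" has no unit (days) and the command above uses `-days 365`, so it is worth saying the example already satisfies the limit. "macOS 15+" should also be checked against the linked Apple article, which covers iOS 13 and macOS 10.15.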