OpenSSL Quickstart Guide
Jumpstart Your Journey with OpenSSL Using This Quickstart Guide
Caution – This documentation is a work in progress.
Quick Install
To quickly install, run the following command:
git clone https://github.com/homelab-alpha/openssl.git && cd openssl/scripts && ./ssl_dotfiles_installer.sh && cd && exec bash
If you’ve used the quick install method, you can skip to Get Started.
Normal Install
If you prefer to manually install, follow these steps:
Clone the OpenSSL repository to your local machine:
git clone https://github.com/homelab-alpha/openssl.git
Navigate to the scripts directory:
cd openssl/scripts
Run the installation script:
./ssl_dotfiles_installer.sh
To apply the changes, reset your shell environment:
cd && exec bash
Get Started
1. Set Up OpenSSL Directories and Config Files
Run the following command to create the necessary directories and configuration files:
new-ssl-directorie-setup
2. Trusted Authority
Generate a self-signed certificate to serve as a trusted authority:
new-trusted-id
3. Root Certificate Authority
Generate a root certificate authority, signed by your trusted authority:
new-root-ca
4. Intermediate Certificate Authority
Generate an intermediate certificate authority, signed by the root certificate authority:
new-ca
5. Certificate
Finally, create a certificate for localhost, signed by the intermediate certificate authority:
new-cert-localhost
When prompted for the Common Name, enter localhost and press Enter. You have now created your first certificate.
Unique Subject in OpenSSL
Important: Our default OpenSSL configuration requires a unique subject for each certificate. This ensures that each certificate has a unique identifier, preventing duplication.
Should You Adjust This Configuration?
For most users, it is strongly recommended to apply the change outlined below.
If you do not use our script revoke_ssl_certificate.sh (which is still in development) or prefer a simpler setup, you must apply this change to avoid potential errors.
To adjust the configuration, open a terminal and run the following command:
echo "unique_subject = no" > "$HOME/ssl/db/index.txt.attr"
Afterward, verify the change by running the following command:
cat "$HOME/ssl/db/index.txt.attr"
Why Is This Change Important?
If this setting is not adjusted and you attempt to create a new SSL certificate with the same Common Name (for example, localhost), OpenSSL may reject the request because the name already exists in the index file.
By setting unique_subject = no, you will be able to:
- Create multiple certificates with the same Common Name without issues.
- Avoid errors when generating new certificates.
- Simplify certificate management, especially if you do not revoke certificates using the script.
For a smoother experience, we recommend applying this change unless you have a specific reason to keep the default setting.
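The rejection described above can be reproduced in isolation. The script below is an added example, not one of the project's scripts: it builds a throwaway CA in a temporary directory and signs two requests for CN=localhost under each setting. The file names, the demo.cnf config and the same_cn_twice function are assumptions made for the demo.

```shell
#!/bin/sh
# Added demo: throwaway CA in a temp dir, not the ~/ssl layout the project's scripts create.
# Usage: same_cn_twice yes|no  -> reports the outcome of two signings of CN=localhost.
same_cn_twice() (
  d=$(mktemp -d) || exit 1
  mkdir "$d/newcerts"; : > "$d/index.txt"; echo 1000 > "$d/serial"
  # `openssl ca` reads this attribute file, which sits next to the index database.
  echo "unique_subject = $1" > "$d/index.txt.attr"
  cat > "$d/demo.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database      = $d/index.txt
new_certs_dir = $d/newcerts
serial        = $d/serial
certificate   = $d/ca.crt
private_key   = $d/ca.key
default_md    = sha256
default_days  = 1
policy        = policy_demo
[ policy_demo ]
commonName = supplied
EOF
  # Constructed self-signed CA, valid for one day only.
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  out=""
  for i in 1 2; do
    # Two independent key pairs and CSRs that share the same subject.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=localhost" -keyout "$d/$i.key" -out "$d/$i.csr" 2>/dev/null
    if openssl ca -batch -config "$d/demo.cnf" -in "$d/$i.csr" \
         -out "$d/$i.crt" >/dev/null 2>&1; then
      out="$out issued"
    else
      out="$out rejected"
    fi
  done
  rm -rf "$d"
  echo "unique_subject=$1:$out"
)

same_cn_twice yes   # second request hits the duplicate-subject check
same_cn_twice no    # both requests are signed
```

With unique_subject = no the index can hold several valid entries for the same subject, so track and revoke certificates by serial number rather than by name.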
Proceed to the next chapter: Create Your Own Certificate.
Create Your Own Certificate
1. Certificate for Server Application
Generate a certificate for your server application, signed by the intermediate certificate authority:
new-cert-server
For RSA:
new-cert-rsa-server
2. Certificate for Client Application
Generate a certificate for your client application, signed by the intermediate certificate authority:
new-cert-client
For RSA:
new-cert-rsa-client
These commands will help you create certificates tailored for your server or client applications.
Last updated 18 Feb 2025, 19:03 CET.