How to create your own root CA to sign self-signed certificates?

Dheeraj kumar
Jun 1, 2021

For applications that run inside an intranet, a self-signed web certificate is not enough, since it cannot be validated against any CA (Certification Authority). For this we need to create our own root CA, install it on each PC, and sign the web certificate with it.

Let’s see how we can achieve this:

Creating the Root CA:

Step 1. Create a root key:

openssl genrsa -des3 -out rootCA.key 4096

Step 2. Create and self-sign a root certificate:

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

Now install the root certificate on each of the devices/servers you want to give ‘secure’ access to your web application that uses Service Workers:

On Windows, use the certlm.msc tool and install the certificate in the Trusted Root Certification Authorities store.

Server-side configuration:

Step 1. Create a key for your web certificate:

openssl genrsa -out abc.com.key 2048

Step 2. Create the signing request (.csr):

openssl req -new -key abc.com.key -out abc.com.csr
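
The steps above end at the CSR. The following added example (not the article's own code) runs the whole flow unattended, signs the CSR with the root CA, and checks the result with openssl verify. The host name, the subject names, the extension file and the unencrypted 2048-bit demo keys are assumptions made so that it runs without prompts.

```shell
#!/bin/sh
# Added example, not from the original article: private root CA -> signed server cert.
# Assumptions: unencrypted 2048-bit demo keys so it runs unattended (the article's
# root key is 4096-bit and passphrase-protected with -des3); placeholder host name.

# issue_cert DIR HOST: create the root CA, then a key, CSR and CA-signed cert for HOST.
issue_cert() {
    ca_dir=$1; ca_host=$2
    # Root key and self-signed root certificate (article: "Creating the Root CA").
    openssl genrsa -out "$ca_dir/rootCA.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -key "$ca_dir/rootCA.key" -sha256 -days 1024 \
        -subj "/CN=Example Intranet Root CA" -out "$ca_dir/rootCA.crt" || return 1
    # Server key and CSR (article: server-side steps 1 and 2).
    openssl genrsa -out "$ca_dir/$ca_host.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$ca_dir/$ca_host.key" -subj "/CN=$ca_host" \
        -out "$ca_dir/$ca_host.csr" || return 1
    # Leaf extensions: not a CA, server authentication only, and a subjectAltName,
    # which is the field current browsers match the host name against.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'keyUsage=digitalSignature,keyEncipherment' \
        'extendedKeyUsage=serverAuth' \
        "subjectAltName=DNS:$ca_host" > "$ca_dir/$ca_host.ext"
    # Sign the CSR with the root CA key.
    openssl x509 -req -in "$ca_dir/$ca_host.csr" -CA "$ca_dir/rootCA.crt" \
        -CAkey "$ca_dir/rootCA.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$ca_dir/$ca_host.ext" -out "$ca_dir/$ca_host.crt" 2>/dev/null
}

# verify_cert DIR CERT HOST: succeed only if CERT chains to DIR/rootCA.crt and names HOST.
verify_cert() {
    openssl verify -CAfile "$1/rootCA.crt" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
issue_cert "$demo_dir" intranet.example.test &&
    verify_cert "$demo_dir" "$demo_dir/intranet.example.test.crt" intranet.example.test &&
    echo "certificate chains to rootCA.crt and matches its host name"
rm -rf "$demo_dir"
```

The same verify_cert call fails for a certificate that was not issued by this root, and for a host name that is not listed in the subjectAltName.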
