How to create your own SSL certificate for use with a local domain or IP
Published in: 2025-02-16 | Categories: Linux Tutorial

Create CA and SSL Certificate

# Create the CA private key (encrypted with a passphrase; keep this file secret):
openssl genrsa -aes256 -out ca-key.pem 4096

# Create the self-signed CA certificate from the CA private key:
openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem

# Create the private key for the server (SSL) certificate:
openssl genrsa -out cert-key.pem 4096

# Create the Certificate Signing Request (CSR)
openssl req -new -sha256 -subj "/CN=CommonName" -key cert-key.pem -out cert.csr

# Create the extension file listing the domain and IP address
# (">" overwrites, so re-running does not append a duplicate subjectAltName line)
echo "subjectAltName=DNS:server.local,IP:192.168.1.200" > extfile.cnf

# Create the certificate from the CSR, the CA and the extension file
openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial

# Create the fullchain certificate
cat cert.pem ca.pem > fullchain.pem

# Install the SSL certificate on the web server using cert-key.pem and fullchain.pem
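
A check worth running before installing the certificate on the web server, added here as an example (not part of the original post): it confirms that `cert.pem` chains to `ca.pem` and that the subjectAltName covers the hostname and IP that clients will use. The function names `check_cert`, `make_demo_pki` and `demo` are hypothetical, and the demo PKI is a constructed throwaway (2048-bit keys, 1-day validity, no CA passphrase) built in a temporary directory.

```shell
#!/bin/sh
# Added example: verify an issued certificate before deploying it.

# check_cert CA CERT HOST IP
# Exit status 0 only if CERT chains to CA and its subjectAltName
# covers both HOST and IP.
check_cert() {
    ca=$1 cert=$2 host=$3 ip=$4
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1 &&
    openssl verify -CAfile "$ca" -verify_ip "$ip" "$cert" >/dev/null 2>&1
}

# make_demo_pki DIR
# Constructed sample input: a throwaway CA and server certificate that
# follow the steps above, but with short keys and no passphrase.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
          -subj "/CN=Demo Local CA" -keyout ca-key.pem -out ca.pem &&
      openssl genrsa -out cert-key.pem 2048 &&
      openssl req -new -sha256 -subj "/CN=server.local" \
          -key cert-key.pem -out cert.csr &&
      echo "subjectAltName=DNS:server.local,IP:192.168.1.200" > extfile.cnf &&
      openssl x509 -req -sha256 -days 1 -in cert.csr -CA ca.pem \
          -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
    ) >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    if check_cert "$d/ca.pem" "$d/cert.pem" server.local 192.168.1.200; then
        echo "OK: chain verifies and SAN matches server.local / 192.168.1.200"
    fi
    # A name that is not listed in the SAN must be rejected.
    if ! check_cert "$d/ca.pem" "$d/cert.pem" other.local 192.168.1.200; then
        echo "REJECTED: other.local is not in the subjectAltName"
    fi
    rm -rf "$d"
}
demo
```

For the real files, call `check_cert ca.pem cert.pem server.local 192.168.1.200` in the directory where the certificate was issued.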

Install CA to Client

Windows (PowerShell)

Import-Certificate -FilePath "C:\ca.pem" -CertStoreLocation Cert:\LocalMachine\Root

Windows (Command Prompt)

certutil.exe -addstore root C:\ca.pem

Debian

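# Move the CA certificate (`ca.pem`) into `/usr/local/share/ca-certificates/ca.crt`
# (the file name must end in .crt to be picked up).
sudo mv ca.pem /usr/local/share/ca-certificates/ca.crt
# Update the cert store
sudo update-ca-certificates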

Android

  1. Open Phone Settings
  2. Locate the Encryption and Credentials section. It is generally found under Settings > Security > Encryption and Credentials
  3. Choose Install a certificate
  4. Choose CA Certificate
  5. Locate the certificate file ca.pem on your SD Card/Internal Storage using the file manager.
  6. Select to load it.
  7. Done!