Create a self-signed CA certificate
Why do I do this?
I use GitLab for internal purposes (it doesn’t face the Internet). In order to use CI/CD integration with Docker, I should use a “valid” TLS certificate, so I created a self-signed certificate.
Instructions
- Create a private key.
```
openssl ecparam -out mygitlab.com.key -name prime256v1 -genkey
```
- Create a config file, mygitlab.cnf, for creating the self-signed certificate.
```
[ req ]
# default_keyfile is only used when req generates a new key;
# the command below passes the existing key with -key.
default_keyfile = /path/to/the/key/file/mygitlab.com.key
default_md = sha256
prompt = no
distinguished_name = gitlab_dn
x509_extensions = gitlab_ext

[ gitlab_dn ]
commonName = mygitlab.com
countryName = DE
stateOrProvinceName = mein_Bundesland
emailAddress = myaddress@mydomain.com
organizationName = MyCompany

[ gitlab_ext ]
# CA:true marks the certificate as a certificate authority.
basicConstraints = CA:true
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
```
- Create the self-signed certificate (CA certificate). I set a VERY long validity period (don’t do this in production).
```
openssl req -key mygitlab.com.key -new -x509 -days 13000 -out mygitlab.com.pem -config mygitlab.cnf
```
mygitlab.com.pem is my private GitLab TLS certificate!
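To confirm what the steps above produced, this added example (not part of the original post) inspects the certificate with openssl: whether it matches the private key, carries CA:TRUE and keyCertSign, lists the host name in subjectAltName, and how long it stays valid. The function names and the day threshold are assumptions; the subjectAltName check is there because Go-based clients such as Docker match the host name against subjectAltName, not commonName.

```sh
#!/bin/sh
# Added example: audit a certificate produced by the steps above.
# Function names and the MAX_DAYS threshold are illustrative assumptions.
# Usage: audit_cert mygitlab.com.pem mygitlab.com.key mygitlab.com 398

# True if the certificate's public key is the one derived from the private key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is marked as a CA and is allowed to sign certificates.
is_ca() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    printf '%s\n' "$text" | grep -q 'CA:TRUE' &&
        printf '%s\n' "$text" | grep -q 'Certificate Sign'
}

# True if HOST is a DNS entry in subjectAltName (commonName is not consulted).
has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "DNS:$2"
}

# True if the certificate is still valid DAYS days from now.
outlives() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit_cert CERT KEY HOST MAX_DAYS: print findings, return how many there were.
audit_cert() {
    findings=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: private key does not match certificate"; findings=$((findings + 1)); }
    is_ca "$1" ||
        { echo "FAIL: missing CA:TRUE or keyCertSign"; findings=$((findings + 1)); }
    has_san "$1" "$3" ||
        { echo "WARN: no subjectAltName DNS:$3"; findings=$((findings + 1)); }
    if outlives "$1" "$4"; then
        echo "WARN: valid for more than $4 days"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run against the certificate built from the config above, the audit reports two warnings: no subjectAltName entry and a validity period beyond the threshold.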