In this repository, I suggest looking at options for working with self-signed certificates. If you find any errors or want to suggest an improvement, please, make an issue in a current repository
- Docker version 25.0.5
-
Copy env and build openssl image
cp .env.example .env make openssl-build-image
-
Create root certificate chain, server certificate, user certificates and configuration for nginx
make step-create_all_certs-and-nginx_configs step-run_nginx
-
Run tests to check HTTPS and connections with the client certificate
make step-run_tests
-
Check links in browser
-
Import intermediate CA
macOS
make import-macos-ca CA_NAME=intermediate.level_2.root.ca
-
Check links in browser
-
Import client certificates
macOS
make import-macos-client CA_NAME=intermediate.level_2.root.ca CLIENT_EMAIL=user_1@lol.kek make import-macos-client CA_NAME=intermediate.level_2.root.ca CLIENT_EMAIL=user_2@lol.kek
-
Re-enter the OS profile so that the system selects user certificates
-
Run nginx
make step-run_nginx
-
Check links in browser incognito mode
Important
Remember, if you want to change the user certificate, you need to restart the browser
- Don't select a user
- Select user_1 - this user's certificate has been revoked, so any page will return a 400 Bad Request
- Select user_2 - this user's certificate is active
-
Now in the OS settings we will see the following certificates
macOS
- open keychain
- certificates
- keychains
- open keychain
- Add import commands for Windows and Linux
- Add documentation
- Add openssl OCSP example