create_ca
This script will create a certificate authority and its root certificate ca.crt.
The certificate authority will be created in the following location:
- Linux
  - $EASYRSA_PKI (if set)
  - $XDG_DATA_HOME/easyrsa/pki (if $XDG_DATA_HOME is set)
  - $HOME/.easyrsa/pki
- macOS
  - $EASYRSA_PKI (if set)
  - $XDG_DATA_HOME/easyrsa/pki (if $XDG_DATA_HOME is set)
  - $HOME/Library/Application Support/easyrsa/pki
The directory will be created if it does not exist yet.
The ca.crt root certificate will be created in the directory above.
On CentOS, Debian, Fedora, Mint, Red Hat, and Ubuntu the CA root certificate will be added to the trust store and made available to Linux command-line tools.
On macOS, the CA root certificate will be added to the "System" keychain.
Chrome, Firefox, and Safari need no further configuration, though you should restart your browser. Docker needs to be restarted.
The following environment variables affect the creation of the root certificate:
When the CA root certificate expires, the entire CA, copied root certificates, and all created and copied certificates become invalid. It is not possible to renew the CA root certificate; therefore you need to delete the CA and create a new one. If you have copied the root certificate to other locations you need to copy it again; if you have copied it into a Docker image you need to rebuild that image with the new certificate. You need to create new certificates based on this new CA.
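The lookup order and the expiry rule described above, as an added example that is not part of the create_ca script. `resolve_pki_dir` and `check_ca_expiry` are hypothetical names; the example assumes the listed locations are tried in the order shown and that `openssl` is installed.

```shell
#!/bin/sh
# Added example, not part of create_ca.sh. Function names are hypothetical.

# Print the PKI directory using the lookup order listed above
# (assumption: the locations are tried in the order they are listed).
# $1: OS name as printed by `uname -s` (defaults to the current OS).
resolve_pki_dir() {
    os="${1:-$(uname -s)}"
    if [ -n "${EASYRSA_PKI:-}" ]; then
        printf '%s\n' "$EASYRSA_PKI"
    elif [ -n "${XDG_DATA_HOME:-}" ]; then
        printf '%s\n' "$XDG_DATA_HOME/easyrsa/pki"
    elif [ "$os" = "Darwin" ]; then
        printf '%s\n' "$HOME/Library/Application Support/easyrsa/pki"
    else
        printf '%s\n' "$HOME/.easyrsa/pki"
    fi
}

# Check how close the CA root certificate is to expiry.
# $1: warning window in days (default 30); $2: OS name (optional).
# Returns 0 if valid beyond the window, 1 if it expires within the window
# (or has already expired), 2 if ca.crt or openssl is missing.
check_ca_expiry() {
    days="${1:-30}"
    ca_crt="$(resolve_pki_dir "${2:-}")/ca.crt"
    if [ ! -f "$ca_crt" ]; then
        echo "no CA root certificate at $ca_crt" >&2
        return 2
    fi
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$ca_crt" -noout -checkend "$((days * 86400))" >/dev/null; then
        echo "ok: $ca_crt is valid for more than $days days"
    else
        echo "warning: $ca_crt expires within $days days; plan to recreate the CA"
        return 1
    fi
}

# Example: check_ca_expiry 30
```

Because the root certificate cannot be renewed, a non-zero result from `check_ca_expiry` is the cue to schedule the delete-and-recreate steps before dependent certificates stop validating.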
Add ~/.zshrc
Copy the script into your Node.js project and add it as a custom script to your package.json.
Usage
$ export EASYRSA_PKI="${HOME}/.local/secrets/easyrsa/pki"
$ scripts/cert/create_ca.sh
Created certificate authority 'Easy-RSA CA (2024-08-05, example-host)'; expires on: 2025-02-01; certificate:
/Users/example/.local/secrets/easyrsa/pki/ca.crt
...
$ date -Idate
2024-08-05
$ stat -f '%A %N' ~/.local/secrets/easyrsa/pki/ca.crt
600 /Users/example/.local/secrets/easyrsa/pki/ca.crt