Buat Self-sign Certificate untuk Digital Signature

1. Buat openssl.cnf

[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[req_distinguished_name]
C  = ID
ST = Bali
L  = Denpasar
O  = Your Organization
OU = Your Department
CN = Your Name
emailAddress = [email protected]


[req_ext]
keyUsage = critical, digitalSignature, nonRepudiation
extendedKeyUsage = clientAuth, emailProtection
subjectAltName = @alt_names

[alt_names]
email = [email protected]

2. Generate key & CSR

openssl req -new -keyout my_private_key.pem -out my_certificate_request.csr -config openssl.cnf

3. Self-sign csr yang sudah dibuat

openssl x509 -req -days 365 -in my_certificate_request.csr -signkey my_private_key.pem -out my_certificate.pem -extensions req_ext -extfile openssl.cnf

4. Verifikasi

openssl x509 -in my_certificate.pem -text -noout

5. Convert ke .p12

openssl pkcs12 -export -out my_certificate.p12 -inkey my_private_key.pem -in my_certificate.pem

Dan certificate ini bisa digunakan misal ingin membuat selfhosted digital signature dengan DocuSeal