HTTPS Certificate ?
We can do that by creating a self signed certificate for our domain name homelab.lan for our website
For that we need to generate a private key using openssl:
In the /etc/ssl/private directory:
we have a private key generated by our distribution but it is not secure since everyone has it, upon this we create our private key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out homelab.lan.key
root@k8snode:/etc/ssl/private# ls
homelab.lan.key ssl-cert-snakeoil.key
Now, nobody trust our key, and for that we need to create a public key and sign it ( usually registrar do that )
openssl req -new -key homelab.lan.key -out homelab.lan.csr
root@k8snode:/etc/ssl/private# cat homelab.lan.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC4zCCAcsCAQAwgZ0xCzAJBgNVBAYTAkFMMRIwEAYDVQQIDAlBaW4gQmVpZGEx
EjAQBgNVBAcMCUFpbiBCZWlkYTEMMAoGA1UECgwDUFRUMRAwDgYDVQQLDAdob21l
bGFiMRgwFgYDVQQDDA93ZWIuaG9tZWxhYi5sYW4xLDAqBgkqhkiG9w0BCQEWHWRq
b3VhbmkudGFxaXllZGRpbmVAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuJp71Kb8P6NndTSFq3sRvC7UdWlNsTAsfe433O0DroyWcp7w
rvs6yFIKWHdF1Dq1CBTwM/jJiR8pdAO1qaHJBaZyAQi0V2b4KuF6a3Daa3vavZFZ
IuRWEEHX5WpRtLQWpb5AnQzfGMzAw16vqkqdWaZcOPwGlSiWdOtxq155YLhAgQsW
Wi2Huq4o2dDFn4l3PPM060Oj8IFl0QCEMH2ZFIejVk++XBUsRGopO6EMV+NkUJD/
QRiQ9WBZMlnCrgUvv6IrKjyRai+GQfPqs53TSPv2LgatR29k56yRKk6LetbXYb4w
5QQWduJuNcch0/3Ozw+YOw7Q8Be1ibAVoYIGjQIDAQABoAAwDQYJKoZIhvcNAQEL
BQADggEBAECXW0Eg1jTi8yTGD8YuPRmcXeKDnHwgZlvu8r3Me863d1wWgfyjx6Gh
9jsoSJgtxDw/7uPwIAQCKAowRDBC5xRem1lrS2Dux/I2ppn1rcRnmX9fdx2nnzcl
6tRdMVlRcqB50DBKbeL66qvmwhb5cnmhcIVKaKnInVMvBMoZUuQRsR7L/f5hrjOr
qvWMeBKifOgV2HU1HTBBkm38hAS56JQNUPL2+RsTSpcuKxKBXhUr+afXsIOuEpqG
FrM3OcM3IC7ufYIZl/tpV6w9xLW31OtVvBGv6uPi5OciwimjQPhjCjDfMbTDs4dG
oSNXltHe5llxQM2UGZ0EMXeurqlKAAI=
-----END CERTIFICATE REQUEST-----
Now i can take this certificate and take it to some CA and get it digitally signed
We’ll do it !
openssl x509 -req -days 365 -in homelab.lan.csr -signkey homelab.lan.key -out homelab.lan.crt