IndieWebCamp SSL Certificates

Request an SSL Certificate

Paste your CSR below (quick ref for generating a CSR)

If your request is for a domain that ends in ".dev", it will be automatically signed and you will be able to download the certificate immediately. Otherwise, the request will require approval and you will receive an email with your signed certificate after it is complete.

(Make sure to include your email address when you generate the CSR, so that the system knows where to send your signed certificate!)

Quick Help

Generate a private key:

openssl genrsa -des3 -out server.pem 2048

Generate a certificate signing request (CSR)

openssl req -sha256 -out request.csr -key server.pem -new

Generate a CSR with a SAN (Required for newer browser) && openssl req -new -sha256 -key server.pem \
-subj "/C=US/ST=Oregon/L=Portland/O=IndieWeb/CN=$domain" -reqexts SAN \
-config <(cat /usr/local/etc/openssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$domain")) -out $domain.csr

View a CSR's details

openssl req -text -noout -verify -in request.csr

View a certificate

openssl x509 -in -text -noout

Root Certificate

In order to avoid the SSL certificate warning from your browser when visiting a site that uses your new certificate, you'll need to add the IndieWebCamp certificate authority to your system.


Opening this file on OS X will prompt you to add it to your keychain. Once you do that, your browser should recognize any site signed by this root certificate.

By Aaron Parecki