IndieWebCamp SSL Certificates

Request an SSL Certificate

Paste your CSR below (quick ref for generating a CSR)

If your request is for a domain that ends in ".dev", it will be automatically signed and you will be able to download the certificate immediately. Otherwise, the request will require approval and you will receive an email with your signed certificate after it is complete.

(Make sure to include your email address when you generate the CSR, so that the system knows where to send your signed certificate!)

Quick Help

Generate a private key:

openssl genrsa -des3 -out server.pem 2048

Create an OpenSSL config file with your CSR details, e.g. csr.conf

[ req ]
default_bits		    = 2048
default_keyfile 	  = server.pem
distinguished_name  = req_distinguished_name
req_extensions		  = req_exts

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = US
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Oregon

localityName                    = Locality Name (eg, city)
localityName_default            = Portland

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = IndieWeb

emailAddress                    = Email Address
emailAddress_max                = 64
emailAddress_default            =

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64
commonName_default              =

[ req_exts ]
subjectAltName 			= @alt_names
extendedKeyUsage = serverAuth

[ alt_names ]
DNS.1   = *
DNS.2   = *

Generate a certificate signing request (CSR)

openssl req -new -sha256 -key server.pem -config csr.conf -out request.csr

View a CSR's details

openssl req -text -noout -verify -in request.csr

View a certificate

openssl x509 -in -text -noout

Root Certificate

In order to avoid the SSL certificate warning from your browser when visiting a site that uses your new certificate, you'll need to add the IndieWebCamp certificate authority to your system.


Opening this file on OS X will prompt you to add it to your keychain. Once you do that, your browser should recognize any site signed by this root certificate.

add to ubuntu

By Aaron Parecki