This procedure demonstrates how to generate self-signed X509 certificates, which is useful in deployment situations like:

- Internal environments where trusted certificates may not be needed.
- In container stacks.
- Behind a proxy that maintains trusted certificates, like Caddy.

# Assumptions

1. The operator has a Skyhook binary saved to disk.

# Procedure

1. Dump a YAML configuration file for the command to disk.

   ```bash
   skyhook x509 generate-config > innocuous.yml
   ```

   >[!EXAMPLE]-
   >```yml
   >subject:
   >  country: US
   >  province: South Dakota
   >  locality: Spearphish
   >  organization: Rando Widgets
   >  organizational_unit: R&D
   >  common_name: innocuous.domain.com
   >timeline:
   >  not_before: 0001-01-01T00:00:00Z
   >  not_after: 0001-01-01T00:00:00Z
   >serial_number: "6171787771877808490"
   >```

2. Update values in the configuration file as needed.
3. Run the generate command:

   ```bash
   skyhook x509 generate-certs --cert-file cert.pem --key-file key.pem -c innocuous.yml
   ```

4. Self-signed certificate files are now available for use. Point the Skyhook server configuration file to these files before running.
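
A post-generation check for step 4, added here as an example and not part of Skyhook or the original procedure: it uses the `openssl` CLI (assumed to be installed) to confirm that `cert.pem` is still inside its validity window and that `key.pem` is the matching private key. The function name `check_cert_pair` and its exit codes are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a generated certificate/key pair before
# pointing a server configuration at it. Requires the openssl CLI.
# check_cert_pair is a hypothetical helper name, not a Skyhook command.
#
# Usage:   check_cert_pair CERT KEY [MIN_SECONDS_LEFT]
# Returns: 0 ok, 2 unreadable file, 3 expired/expiring, 4 key mismatch

check_cert_pair() {
    ccp_cert=$1
    ccp_key=$2
    ccp_min_left=${3:-86400}   # require at least one day of validity

    if [ ! -r "$ccp_cert" ] || [ ! -r "$ccp_key" ]; then
        echo "cannot read $ccp_cert or $ccp_key" >&2
        return 2
    fi

    # -checkend exits non-zero if notAfter falls within the next N seconds,
    # which also catches a timeline left at an already-expired value.
    if ! openssl x509 -in "$ccp_cert" -noout -checkend "$ccp_min_left" >/dev/null; then
        echo "certificate is unparsable, expired, or expires within ${ccp_min_left}s" >&2
        return 3
    fi

    # Compare SHA-256 digests of the DER-encoded public key taken from the
    # certificate and derived from the private key; works for RSA and EC.
    ccp_cert_pub=$(openssl x509 -in "$ccp_cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    ccp_key_pub=$(openssl pkey -in "$ccp_key" -pubout -outform DER |
        openssl dgst -sha256)
    if [ "$ccp_cert_pub" != "$ccp_key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # Print what was actually issued so it can be compared with the YAML.
    openssl x509 -in "$ccp_cert" -noout -subject -serial -dates
}

# When the file is run directly with arguments, check that pair.
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

Comparing the printed subject, serial and dates against `innocuous.yml` confirms that the edits made in step 2 ended up in the issued certificate.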