self-signed cert with san

Submitted by isntall on Mon, 02/20/2017 - 18:56
openssl genrsa -out server.key 4096
openssl rsa -in server.key -out server.key.insecure
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

csr with san

openssl req -new -sha256 \
    -key server.key \
    -subj "/C=US/ST=Oregon/L=Portland/O=EXA/OU=MPL/CN=exa.mpl" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:exa.mpl,DNS:www.exa.mpl")) \
    -out server.csr

(from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line)

 $ openssl req -new -config <( 
            cat <<-EOF 
            [req] 
            default_bits = 2048 
            prompt = no 
            default_md = sha1 
            req_extensions = req_ext 
            distinguished_name = dn 
            [ dn ] 
            CN = example.com 
            [ req_ext ] 
            subjectAltName = ... 
            EOF 
        ) ... 

 

Tags