openssl

self-signed cert with san

Submitted by isntall on Mon, 02/20/2017 - 18:56
openssl genrsa -out server.key 4096
openssl rsa -in server.key -out server.key.insecure
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

csr with san

openssl req -new -sha256 \
    -key server.key \
    -subj "/C=US/ST=Oregon/L=Portland/O=EXA/OU=MPL/CN=exa.mpl" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:exa.mpl,DNS:www.exa.mpl")) \
    -out server.csr

(from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line)

Tags