Last active
June 1, 2021 08:50
-
-
Save AlexZeitler/f5cb0a23ec2ce3cdfa4ab0b2ba350afc to your computer and use it in GitHub Desktop.
create selfsigned certificate with subject alternative name
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
mkdir ~/ssl/ | |
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048 | |
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
sudo openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_csr.cnf ) | |
sudo openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[req] | |
default_bits = 2048 | |
prompt = no | |
default_md = sha256 | |
distinguished_name = dn | |
[dn] | |
C=US | |
ST=New York | |
L=Rochester | |
O=End Point | |
OU=Testing Domain | |
emailAddress=your-administrative-address@your-awesome-existing-domain.com | |
CN = localhost |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
authorityKeyIdentifier=keyid,issuer | |
basicConstraints=CA:FALSE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = localhost |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl x509 -text -in server.crt -noout |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Certificate: | |
Data: | |
Version: 3 (0x2) | |
Serial Number: 17237690484651272016 (0xef38942aa5c52750) | |
Signature Algorithm: sha256WithRSAEncryption | |
Issuer: C=US, ST=New York, L=Rochester, O=End Point, CN=localhost/your-administrative-address@your-awesome-existing-domain.com | |
Validity | |
Not Before: Apr 23 16:07:38 2017 GMT | |
Not After : Sep 5 16:07:38 2018 GMT | |
Subject: C=US, ST=New York, L=Rochester, O=End Point, OU=Testing Domain/emailAddress=your-administrative-address@your-awesome-existing-domain.com, CN=localhost | |
Subject Public Key Info: | |
Public Key Algorithm: rsaEncryption | |
Public-Key: (2048 bit) | |
Modulus: | |
00:b2:e3:bd:ed:28:04:85:ea:75:ee:d2:82:e1:eb: | |
f5:5f:7f:cf:7e:cb:70:de:86:9f:75:7c:f3:71:e7: | |
da:16:fb:bc:1f:89:bc:47:08:77:ca:33:20:f1:c1: | |
9e:e3:20:8d:89:14:7e:c1:0a:12:d2:59:24:56:9b: | |
77:90:5f:69:d1:a5:f1:00:38:93:1b:a7:75:f1:33: | |
e2:da:dc:32:a9:0a:85:7d:9a:20:81:ca:20:ee:86: | |
ce:e2:a0:52:d2:ab:11:34:e5:52:99:3a:81:c6:9f: | |
6b:0f:6a:02:2b:38:a6:84:c9:ba:fa:9b:ef:0a:89: | |
22:4b:79:86:3c:bd:44:a5:54:fb:cf:4d:8b:d1:44: | |
03:35:22:de:69:77:c8:fa:4d:c6:01:25:08:9f:4d: | |
a9:79:7a:aa:ca:03:b6:e4:51:57:22:27:5f:a7:12: | |
11:f3:e6:00:29:f6:58:be:2c:aa:09:e4:06:45:d9: | |
3f:75:a7:f0:75:bd:2b:a6:bb:6d:ad:93:bb:b9:1d: | |
d7:75:39:4e:9b:1d:0e:39:cc:17:74:88:f7:e2:b7: | |
85:12:96:e0:cb:42:56:d0:11:e0:84:86:e5:14:a5: | |
f2:6d:43:5d:f9:59:ae:61:7f:01:ae:95:b8:92:27: | |
1d:1c:02:d7:ad:fb:ee:f6:25:38:60:c8:41:20:17: | |
80:69 | |
Exponent: 65537 (0x10001) | |
X509v3 extensions: | |
X509v3 Authority Key Identifier: | |
keyid:5A:8D:89:64:BD:F2:3E:C2:D7:7B:BE:17:84:F4:29:E8:C5:32:35:34 | |
X509v3 Basic Constraints: | |
CA:FALSE | |
X509v3 Key Usage: | |
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment | |
X509v3 Subject Alternative Name: | |
DNS:localhost | |
Signature Algorithm: sha256WithRSAEncryption | |
27:1d:d6:84:50:33:d2:ff:b1:06:9b:fa:f1:40:7d:47:11:bc: | |
f7:80:fd:26:87:0e:91:9f:14:be:1f:1d:9b:32:d1:fb:d6:8d: | |
af:30:8a:88:38:8c:1c:bf:77:98:8e:cd:06:48:82:fa:09:b9: | |
3c:0d:38:c4:a0:da:b7:4d:f5:81:5f:5a:76:04:61:f8:c2:1a: | |
17:ad:56:7c:72:ba:f6:65:7f:7f:e7:5e:b2:34:ba:13:23:57: | |
84:f1:c5:ca:dd:5b:55:69:95:71:44:4a:30:53:61:5c:ad:47: | |
d8:9c:d5:a2:1b:18:2d:e1:19:35:3e:3f:b2:7e:fd:bf:f3:d0: | |
45:dc:f5:57:f0:1b:cd:70:1b:e0:34:de:27:98:89:b4:a5:25: | |
a5:6c:29:c3:89:a6:a5:c5:4d:f5:45:3b:47:8e:13:45:23:07: | |
5e:d6:59:0d:96:c6:a3:f0:c5:3d:ee:a8:ad:36:96:43:13:a1: | |
b8:55:f6:c7:10:7e:8f:5d:09:ef:61:17:2a:9c:3b:50:28:c8: | |
e3:8d:a6:34:06:50:d4:3e:d5:17:ea:7d:31:97:d3:ee:df:b5: | |
23:66:5e:22:b7:e4:fa:36:4f:9a:d5:f0:a3:f9:b4:2b:27:02: | |
0b:41:94:d1:a1:f7:1b:2c:7e:74:e6:14:c3:b5:67:15:d2:ca: | |
02:77:57:a6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment