Skip to content

Instantly share code, notes, and snippets.

@brettgoulder

brettgoulder/tutorial.md

Created April 8, 2016 18:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save brettgoulder/9f74ab3d8dd69fdefe5de2d0156db05a to your computer and use it in GitHub Desktop.
Save brettgoulder/9f74ab3d8dd69fdefe5de2d0156db05a to your computer and use it in GitHub Desktop.
Download ZIP
Generate a self-signed SAN Cert
Raw
tutorial.md

Step 1 - Create a req.conf file and fill it with the following:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = www.company.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.company.net
DNS.2 = company.com
DNS.3 = company.net

Step 2 - Generate a key

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
writing RSA key
$ rm server.pass.key
``

Generate the CSR

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -key server.key -out server.csr -config req.conf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment