@ferdinandosimonetti
Last active August 24, 2021 08:14
Self-signed CA + wildcard host certificate with Subject Alternative Names + IPs
### root-san.cnf
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
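# "req -new -x509" takes certificate extensions from x509_extensions;
# req_extensions applies only to CSRs, so the SAN below was never added to the CA certificate
x509_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = IT
stateOrProvinceName = Milan
localityName = Milan
organizationName = Sisalpay
commonName = ca.sisalpay5group.local
[ req_ext ]
subjectAltName = @alt_names
# a CA certificate carrying v3 extensions must assert CA:TRUE to be accepted as an issuer
basicConstraints = critical, CA:TRUE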
[alt_names]
DNS.1 = rootca.sisalpay5group.local
### wildcard-san.cnf
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = IT
stateOrProvinceName = Milan
localityName = Milan
organizationName = Sisalpay
commonName = wildcard.sisalpay5group.local
[ req_ext ]
subjectAltName = @alt_names
basicConstraints=CA:FALSE
[alt_names]
IP.1 = 10.66.112.36
IP.2 = 10.66.112.37
IP.3 = 10.66.112.38
IP.4 = 10.66.26.36
IP.5 = 10.66.26.37
IP.6 = 10.66.26.38
DNS.1 = *.sisalpay5group.local
DNS.2 = sisalpay5group.local
########## create CA key (written unencrypted: restrict access to ca-key.pem)
openssl.exe genrsa -out ca-key.pem 4096
########## create self-signed CA certificate (valid 3650 days)
openssl.exe req -new -x509 -out root-ca.pem -nodes -key ca-key.pem -config root-san.cnf -days 3650
########## create WILDCARD certificate signing request + key (-nodes leaves redis-key.pem unencrypted)
openssl.exe req -out wildcard.csr -newkey rsa:4096 -nodes -keyout redis-key.pem -config wildcard-san.cnf
########## create WILDCARD certificate FROM csr (x509 -req does not copy CSR extensions by default, so -extfile/-extensions re-apply req_ext)
openssl.exe x509 -req -in wildcard.csr -CA root-ca.pem -CAkey ca-key.pem -CAcreateserial -out redis.pem -days 3650 -extfile wildcard-san.cnf -extensions req_ext
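
After the last step it is worth confirming that redis.pem chains to root-ca.pem, is not itself a CA, and covers every hostname and IP that clients will connect to. The script below is an added example, not part of the original gist; the function name `verify_leaf`, the `OPENSSL` variable and the file name `verify-leaf.sh` are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not part of the gist: audit an issued leaf certificate.
# Usage: verify_leaf CA_PEM LEAF_PEM NAME...   (each NAME is a DNS name or IP)
# Returns 0 only if every check passes.
OPENSSL=${OPENSSL:-openssl}   # assumption: set OPENSSL=openssl.exe on Windows

verify_leaf() {
    ca=$1; leaf=$2; shift 2
    rc=0

    # 1. The leaf must chain to the CA and be inside its validity period.
    if ! "$OPENSSL" verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "FAIL chain: $leaf does not verify against $ca"; rc=1
    fi

    # 2. The leaf must not be able to issue certificates itself.
    if "$OPENSSL" x509 -in "$leaf" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL basicConstraints: $leaf is marked CA:TRUE"; rc=1
    fi

    # 3. Every name clients will connect to must match a SAN entry.
    #    A wildcard covers exactly one label; IPs match only IP entries.
    for name in "$@"; do
        case $name in
            *:*)       opt=-checkip ;;    # IPv6 literal
            *[!0-9.]*) opt=-checkhost ;;  # anything that is not dotted digits
            *)         opt=-checkip ;;    # IPv4 literal
        esac
        if "$OPENSSL" x509 -in "$leaf" -noout "$opt" "$name" |
               grep -q 'does match'; then
            echo "ok   $name"
        else
            echo "FAIL name: $name is not covered by the certificate"; rc=1
        fi
    done
    return "$rc"
}

# Script entry point: sh verify-leaf.sh root-ca.pem redis.pem NAME...
if [ "$#" -ge 3 ]; then
    verify_leaf "$@"
fi
```

For the files produced above, a call such as `sh verify-leaf.sh root-ca.pem redis.pem redis01.sisalpay5group.local 10.66.112.36` (the host name is a constructed sample) checks one wildcard match and one IP entry. A name two labels below the domain, or an IP missing from `[alt_names]`, is reported as not covered.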