Skip to content

Instantly share code, notes, and snippets.

Created April 7, 2023 03:43
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Generate TLS Certificate on Ubuntu Server with OpenSSL

Create Openssl.cnf

nano openssl.cnf

default_bits       = 4096
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

C = ID
ST = Jakarta
L = Jakarta
OU = Infrastructure
CN =

subjectAltName = @alt_names

DNS.1 =
DNS.2 =


openssl genpkey -algorithm RSA -out rootCA.key -aes256
openssl req -new -x509 -key rootCA.key -out rootCA.crt -config openssl.cnf
openssl genpkey -algorithm RSA -out server.key -aes256
openssl req -new -key server.key -out server.csr -config openssl.cnf
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
cat rootCA.crt server.crt > ca-certificates.crt

### Key for Nginx
openssl rsa -in server.key -out server-nopass.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment