Skip to content

Instantly share code, notes, and snippets.

@gilangvperdana
Created April 7, 2023 03:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gilangvperdana/13af8137c42022dc0ddb486fb04103bf to your computer and use it in GitHub Desktop.
Save gilangvperdana/13af8137c42022dc0ddb486fb04103bf to your computer and use it in GitHub Desktop.
Generate TLS Certificate on Ubuntu Server with OpenSSL

Create Openssl.cnf

nano openssl.cnf

---
[req]
default_bits       = 4096
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[req_distinguished_name]
C = ID
ST = Jakarta
L = Jakarta
O = LAB
OU = Infrastructure
CN = example.yourorg.site

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.yourorg.site
DNS.2 = www.example.yourorg.site
---

Generate

openssl genpkey -algorithm RSA -out rootCA.key -aes256
openssl req -new -x509 -key rootCA.key -out rootCA.crt -config openssl.cnf
openssl genpkey -algorithm RSA -out server.key -aes256
openssl req -new -key server.key -out server.csr -config openssl.cnf
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
cat rootCA.crt server.crt > ca-certificates.crt

### Key for Nginx
openssl rsa -in server.key -out server-nopass.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment