Skip to content

Instantly share code, notes, and snippets.

@haitch

haitch/openssl.md

Created December 4, 2021 09:28
Show Gist options
  • Save haitch/9f337eab7ec2c7c627f5f9cf60110d07 to your computer and use it in GitHub Desktop.
Save haitch/9f337eab7ec2c7c627f5f9cf60110d07 to your computer and use it in GitHub Desktop.
Download ZIP
generate ssl with ca and server, with alter name
Raw
openssl.md

Create the root key

openssl ecparam -out contoso.key -name prime256v1 -genkey

Create a Root Certificate and self-sign it

openssl req -new -sha256 -key contoso.key -out contoso.csr

openssl x509 -req -sha256 -days 365 -in contoso.csr -signkey contoso.key -out contoso.crt

Create the certificate's key

openssl ecparam -out fabrikam.key -name prime256v1 -genkey

Create the CSR (Certificate Signing Request)

openssl req -new -sha256 -key fabrikam.key -out fabrikam.csr

Generate the certificate with the CSR and the key and sign it with the CA's root key

openssl x509 -req -in fabrikam.csr -CA  contoso.crt -CAkey contoso.key -CAcreateserial -out fabrikam.crt -days 365 -sha256

alternative names

cp /etc/ssl/openssl.cnf ./customized.cnf

Merge following content into customized.cnf

[ req ]
req_extensions = v3_req

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = alter-dns1
DNS.2 = alter-dns2
IP = 192.168.15.247

Append -config customized.cnf to openssl req -new command

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment