Created
June 28, 2016 19:19
-
-
Save lloesche/d35b820b99d6da5596525ab3b2168ab9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create your CA crt and key: | |
| openssl req -new -x509 -nodes -newkey rsa:4096 -extensions v3_ca -sha256 -days 3650 -subj "/C=US/ST=CA/L=San Francisco/O=Acme Inc./CN=Acme Insecure Certificate Authority" -keyout ca.key -out ca.crt | |
| chmod 600 ca.key | |
| # Create a CSR: | |
| openssl req -newkey rsa:2048 -nodes -sha256 -keyout cert.key -out cert.csr -subj "/C=US/ST=CA/L=San Francisco/O=Snakeoil Inc./OU=Core/CN=lobotomat.de" | |
| # Check contents of CSR (optional): | |
| openssl req -in cert.csr -text -noout | |
| # Sign the CSR, resulting in CRT and add the v3 SAN extension: | |
| openssl x509 -req -in cert.csr -out cert.crt -CA ca.crt -CAkey ca.key -CAcreateserial -sha256 -days 1095 -extensions SAN -extfile <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName = @san_names\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\n[san_names]\nDNS.1 = lobotomat.de\nDNS.2 = www.lobotomat.de\nIP.1 = 192.168.1.2\n")) | |
| chmod 600 cert.key | |
| # Check contents of CRT (optional) | |
| openssl x509 -in cert.crt -text -noout |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment