Self Signed SSL Certificate with SubjectAltName and signed by Self Signed Certificate Authority
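# server_csr_details.txt: request config read by the openssl commands below
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn

[dn]
# C must be a two-letter ISO 3166 country code
C = CountryCode
ST = State
L = City
O = Company
OU = Unit
emailAddress = someemail@somedomain.com
CN = primary.dns.name

[v3_req]
# Leaf certificate: it must not be able to sign other certificates
basicConstraints = CA:FALSE
subjectAltName = @alt_names
# Trim to the usages the certificate needs; a TLS server only needs serverAuth
extendedKeyUsage = serverAuth,clientAuth,emailProtection
keyUsage = nonRepudiation,digitalSignature,keyEncipherment

[alt_names]
# Every name or address clients connect to must be listed here
DNS.1 = justTheServerName
DNS.2 = theFQDN
DNS.3 = someOtherName
IP.1 = SOME_IP
IP.2 = SOME_OTHER_IP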

Create the private key for the root certificate (-des3 encrypts the key with a passphrase you are prompted for)

openssl genrsa -des3 -out rootCA.key 4096

Create the root certificate from the private key

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.crt

Create a key and a certificate signing request (CSR) for the server

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server_csr_details.txt

Create a certificate for the server signed by the Certificate Authority above

openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 365 -sha256 -extensions v3_req -extfile ./server_csr_details.txt
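
The check below is an added example, not part of the original gist: it confirms that a signed certificate chains to the root CA, carries the expected SAN entry and is marked CA:FALSE, and it shows that signing without -extensions/-extfile drops the SANs. The function names, the example.test names, the 1-day lifetime and the passphrase-less demo CA key are assumptions made so the demo runs non-interactively.

```shell
#!/usr/bin/env bash
# check_cert CA_CERT SERVER_CERT NAME: prints "ok" and returns 0 only if the chain
# verifies, NAME is a DNS entry in the SAN list, and the cert is marked CA:FALSE.
check_cert() {
  ca=$1; crt=$2; name=$3
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "chain does not verify"; return 1; }
  text=$(openssl x509 -in "$crt" -noout -text)
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$name" || { echo "SAN missing DNS:$name"; return 1; }
  printf '%s\n' "$text" | grep -q 'CA:FALSE' || { echo "not marked CA:FALSE"; return 1; }
  echo "ok"
}

# make_demo_pki DIR: throwaway CA and server cert built with the page's commands.
# Constructed for the demo: names, 1-day lifetime, no passphrase on the CA key.
# server_nosan.crt is signed without -extensions/-extfile, so it gets no SANs.
make_demo_pki() {
  dir=$1
  cat > "$dir/server_csr_details.txt" <<'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn
[dn]
CN = server.example.test
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = server.example.test
IP.1 = 192.0.2.10
EOF
  ( cd "$dir" &&
    openssl genrsa -out rootCA.key 2048 &&
    openssl req -x509 -new -key rootCA.key -sha256 -days 1 -subj "/CN=Demo Root CA" -out rootCA.crt &&
    openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key \
      -config server_csr_details.txt &&
    openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
      -out server.crt -days 1 -sha256 -extensions v3_req -extfile server_csr_details.txt &&
    openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
      -out server_nosan.crt -days 1 -sha256
  ) >/dev/null 2>&1
}

# Demo run in a temporary directory
demo=$(mktemp -d) && make_demo_pki "$demo" &&
  check_cert "$demo/rootCA.crt" "$demo/server.crt" server.example.test
```

To check certificates made with the real steps, run check_cert rootCA.crt server.crt followed by one of the DNS names from alt_names.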
