Created
April 2, 2019 02:27
-
-
Save muffik/4eccdc2574eb6b83a9fa99578431cd41 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Генерация корневого сертификата: | |
openssl genrsa -des3 -passout pass:qwerty -out RootCA.key.pem 2048; | |
openssl req -x509 -new -nodes -key RootCA.key.pem \ | |
-passin pass:qwerty \ | |
-sha256 -days 1024 -out Root.cert.pem \ | |
-subj "/C=AU/ST=NSW/L=Sydney/O=CompanyName/OU=Company Description/CN=www.company-name.com" | |
Выпускаем сертификат: | |
openssl req -new -sha256 -nodes -out server.csr.pem \ | |
-newkey rsa:2048 -keyout server.key.pem \ | |
-config <( cat server.csr.cnf ); | |
openssl x509 -req \ | |
-in server.csr.pem \ | |
-passin pass:qwerty \ | |
-CA Root.cert.pem \ | |
-CAkey RootCA.key.pem -CAcreateserial -out server.cert.pem \ | |
-days 500 -sha256 -extfile v3.ext; | |
v3.ext: | |
authorityKeyIdentifier=keyid,issuer | |
basicConstraints=CA:FALSE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = *.yourlocal-domain.com | |
server.csr.cnf: | |
[req] | |
default_bits = 2048 | |
prompt = no | |
default_md = sha256 | |
distinguished_name = dn | |
[dn] | |
C=AU | |
ST=NSW | |
L=Sydney | |
O=company name | |
OU=Development Department | |
emailAddress=your-email@mail.com | |
CN = *.yourlocal-domain.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment