Skip to content

Instantly share code, notes, and snippets.

@nikhilsuvarna

nikhilsuvarna/generate_csr_mac.md

Last active June 11, 2018 21:54
Show Gist options
  • Save nikhilsuvarna/a3b8f6ad240515ea403457389017c850 to your computer and use it in GitHub Desktop.
Save nikhilsuvarna/a3b8f6ad240515ea403457389017c850 to your computer and use it in GitHub Desktop.
Download ZIP
Generate CSR for wildcard SAN certificate to be used in Cloud Foundry using openssl on OSX
Raw
generate_csr_mac.md

Copy /System/Library/OpenSSL/openssl.cnf to a new file.

Add the following at the end:

[ req ]
req_extensions = v3_req

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]

Then under alt_names list the DNS names, like:

DNS.1=*.osscf.cfwidgets.com
DNS.2=*.uaa.osscf.cfwidgets.com
DNS.3=*.login.osscf.cfwidgets.com

Generate private key

 openssl genrsa 2048 > gcp.key

Generate the CSR based on the private key

openssl req -new -sha256 -key gcp.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=osscf.cfwidgets.com"  -reqexts v3_req -config openssl.cnf -out osscf.csr

Generate SSL certificate

openssl x509 -req -sha256 -days 365 -in osscf.csr -signkey gcp.key -out osscf.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment