Skip to content

Instantly share code, notes, and snippets.

@olegbliaher

olegbliaher/self-signed-ssl-ca-san.md

Created March 16, 2021 09:29
Show Gist options
  • Save olegbliaher/8d9582a57812614dd2fec00bc31150d2 to your computer and use it in GitHub Desktop.
Save olegbliaher/8d9582a57812614dd2fec00bc31150d2 to your computer and use it in GitHub Desktop.
Download ZIP
Self-signed CA SSL certificate with SAN
Raw
self-signed-ssl-ca-san.md
  1. Generate a private key: openssl genrsa -out domain.key 2048
  2. Create a certificate signing request: openssl req -new -sha256 -key domain.key -subj "/C=SE/ST=VG/O=Company, /CN=domain.com" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:domain.com\n")) -out domain.csr
  3. Generate the certificate with the CA in question: openssl x509 -req -extfile <(printf "subjectAltName=DNS:domain.com") -in my-new-domain.com.csr -CA cacert.pem -CAkey cakey.pem -out my-new-domain.com.crt -CAcreateserial -days 500 -sha256
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment