- Generate a private key:
openssl genrsa -out domain.key 2048
- Create a certificate signing request:
openssl req -new -sha256 -key domain.key -subj "/C=SE/ST=VG/O=Company, /CN=domain.com" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:domain.com\n")) -out domain.csr
- Generate the certificate with the CA in question:
openssl x509 -req -extfile <(printf "subjectAltName=DNS:domain.com") -in my-new-domain.com.csr -CA cacert.pem -CAkey cakey.pem -out my-new-domain.com.crt -CAcreateserial -days 500 -sha256
Created
March 16, 2021 09:29
-
-
Save olegbliaher/8d9582a57812614dd2fec00bc31150d2 to your computer and use it in GitHub Desktop.
Self-signed CA SSL certificate with SAN
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment