@sleevi
Created December 12, 2017 18:26
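# cert.cnf - OpenSSL "req" configuration for a self-signed TLS server test
# certificate. Read with: openssl req -x509 -config cert.cnf ...

[req]
# Key size used when the command line does not give one via -newkey.
default_bits = 2048
# Digest used to sign the certificate.
default_md = sha256
string_mask = utf8only
# Take the subject from [req_dn] instead of prompting interactively.
prompt = no
# The private key is written WITHOUT a passphrase. Keep the key file readable
# only by its owner and use it for testing only.
encrypt_key = no
# Both options below take a plain section name. The "@section" form is only
# understood inside extension values (see subjectAltName in [req_ext]); a
# leading "@" here becomes part of the section name and the lookup of
# [req_dn] / [req_ext] fails.
distinguished_name = req_dn
x509_extensions = req_ext

[req_dn]
commonName = Test Certificate

[req_san]
# Names the certificate is valid for. Clients match the requested host name
# against these entries, so list every name the test server is reached by.
DNS.1 = www.example.com
DNS.2 = example.com
# If you need to support IP Addresses in certs, across browsers,
# then only include one IP per cert, and update both this and
# the commonName to include the IP (for IE/Edge support).
# See https://cabforum.org/guidance-ip-addresses-certificates/
IP.1 = 127.0.0.1

[req_ext]
# Leaf certificate: it must not be usable to issue other certificates.
basicConstraints = critical, CA:false
# digitalSignature is what (EC)DHE key exchange needs; RSA key-transport
# cipher suites would additionally require keyEncipherment.
keyUsage = critical, digitalSignature
# Restrict the certificate to TLS server authentication.
extendedKeyUsage = critical, serverAuth
# "@req_san" pulls the name list from the [req_san] section above.
subjectAltName = @req_san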
# Create a self-signed test certificate and its private key in one step.
#   req -x509           build a request and emit it directly as a certificate
#   -config cert.cnf    subject, extensions and defaults come from cert.cnf
#   -newkey rsa:2048    generate a fresh 2048-bit RSA key
#   -keyout cert.key    write the private key to cert.key (unencrypted,
#                       because cert.cnf sets encrypt_key = no)
#   -out cert.pem       write the certificate to cert.pem
#   -days 365           certificate validity period in days
#   -set_serial ...     serial number = seconds since the epoch, so each
#                       run gets a different serial
openssl req -x509 \
    -config cert.cnf \
    -newkey rsa:2048 \
    -keyout cert.key \
    -out cert.pem \
    -days 365 \
    -set_serial "$(date +%s)"