[ req ]
distinguished_name = req_distinguished_name
policy = policy_match
x509_extensions = v3_ca
# For the CA policy
[ policy_match ]
commonName = optional
[ req_distinguished_name ]
commonName = Common Name (eg, your name or your server hostname) ## Print this message
commonName_default = f5.com
commonName_max = 64
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:true
nsComment = "OpenSSL Generated Certificate"
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = US
ST = California
L = San Fransisco
O = f5
OU = test
CN = test.f5.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = echoapp.test.f5.com
DNS.2 = app.test.f5.com
IP.1 = 127.0.0.1
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = echoapp.test.f5.com
DNS.2 = app.test.f5.com
openssl genrsa -out cakey.pem 4096
openssl req -new -x509 -days 36500 -config openssl.cnf -key cakey.pem -out cacert.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -config csr.conf
openssl x509 -req -in server.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out server.crt -days 36500 -sha256 -extfile cert.conf