Created
January 4, 2021 14:45
mkdir -p /etc/certs
cd /etc/certs/
openssl genrsa -aes256 -out server.key 2048
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
rm server.key.org
---- Request Assign Certificate
openssl req -new -sha256 -key server.key -out server.csr
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
---- Sign Certificate
openssl x509 -req -days 365 -sha256 -in server.csr -signkey server.key -out server.crt -extfile v3.ext
/etc/cert-new/server.key
/etc/cert-new/server.csr
---- SAN
vim v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = <DNS||IP>
---- End
chown -R nginx: /etc/certs/
nginx -t
systemctl restart nginx
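
---- Added example
The steps above as a non-interactive script, followed by a check that the certificate matches the key and lists the expected SAN. This is an added example, not part of the original gist; the function names make_cert and check_cert, the output directory and the -subj value are assumptions. It goes slightly beyond the notes by writing IP.1 instead of DNS.1 when the name is an IPv4 address.

```bash
#!/bin/sh
# Added example (not from the gist). make_cert, check_cert, the output
# directory and the sample names are assumptions made for illustration.

# make_cert DIR NAME: key, CSR and self-signed certificate for NAME.
make_cert() (
    dir=$1 name=$2
    # An IPv4 literal needs an IP.n entry: clients compare IP addresses only
    # against iPAddress SAN values, never against DNS.n entries.
    case $name in
        ''|*[!0-9.]*) san="DNS.1 = $name" ;;
        *)            san="IP.1 = $name" ;;
    esac
    mkdir -p "$dir" && cd "$dir" || exit 1
    umask 077    # server.key is stored unencrypted, keep it owner-only
    cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
$san
EOF
    # Same end state as "genrsa -aes256" followed by stripping the passphrase.
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -sha256 -key server.key -subj "/CN=$name" -out server.csr &&
    openssl x509 -req -days 365 -sha256 -in server.csr -signkey server.key \
        -out server.crt -extfile v3.ext 2>/dev/null
)

# check_cert DIR NAME: succeeds only if server.crt carries the public key of
# server.key and lists NAME in its subjectAltName.
check_cert() (
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || exit 1
    openssl x509 -in "$1/server.crt" -noout -text |
        grep -Eq "(DNS|IP Address):$2(\$|[, ])"
)
```

Running check_cert against the installed files before nginx -t catches a certificate paired with the wrong key or issued without the SAN entry.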