Skip to content

Instantly share code, notes, and snippets.

@volkan

volkan/createRootCA.sh

Last active Sep 25, 2018
Embed
What would you like to do?
self signed certificate wilcard
openssl pkcs12 -export -out certificate.pfx -inkey server.key -in server.crt
#!/usr/bin/env bash
openssl genrsa -des3 -passout pass:x -out rootCA.key 2048
openssl rsa -passin pass:x -in rootCA.key -out server.key
mv rootCA.key rootCA_withpass.key
cp server.key rootCA.key
openssl req -new -key rootCA.key -out server.csr -config <( cat server_csr.cnf )
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server_csr.cnf )
#!/usr/bin/env bash
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_csr.cnf )
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 300 -sha256 -extfile v3.ext
ts = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=TR
ST=Istanbul
L=L
O=End Point
OU=Company
emailAddress=mail@domain.com
CN = *.domain.com
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.domain.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.