Creating server certificate: Difference between revisions

From VVCWiki
No edit summary
Line 48: Line 48:
Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]])
Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]])
You will get server certificate server.crt
You will get server certificate server.crt
=== Generate self-signed certificate ===
openssl req -x509 -new -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type
[[Category:OpenSSL]]
[[Category:OpenSSL]]
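Review bot: the added openssl req -x509 line hard-codes -days 3650 and takes its signature digest from server.cnf rather than from the command, so a ten-year certificate inherits whatever default_md the config happens to carry. Suggest passing -sha256 on the command line, and adding a sentence under the new heading that says when a self-signed certificate is appropriate and that clients have to import or pin server.crt, since no certificate authority vouches for it.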

Revision as of 15:23, 16 October 2016

Create openssl config file

Here is an example of server.cnf

[ req ]
default_bits = 2048
# SHA-256 signature digest (SHA-1 certificates are no longer accepted by major browsers)
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=US

# State or Province Name (full name)
ST=Missouri

# Locality Name (eg. city)
L=St. Louis

# Organization (eg. company)
O=IVK/VVC 

# Organizational Unit Name (eg. section)
OU=VPS1 server

# Common Name (*.example.com is also possible)
CN=vps1.chepkov.com

# E-mail contact
emailAddress=root@ivk.com.au

[ cert_type ]
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au
  • Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.

Generate server private key

openssl genrsa -out server.key 2048

Generate certificate request

openssl req -new -key server.key -out server.csr -config server.cnf

Now send your request to a certificate authority or, if you have your own, sign the request yourself (see example). You will get the server certificate, server.crt.

Generate self-signed certificate

openssl req -x509 -new -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type
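
The following is an added example, not part of the wiki page: it runs the steps above in a directory you pass in and provides checks that the subjectAltName entries reached the CSR and the certificate, that the signature digest is the expected one, and that the certificate matches the private key. It assumes openssl is on the PATH; the function names, example.com host names and the 192.0.2.10 address are constructed placeholders.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed placeholders.

write_cnf() {   # $1 = config path; same layout as server.cnf, sha256 digest
    cat > "$1" <<'EOF'
[ req ]
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no
[ req_dn ]
CN = www.example.com
[ cert_type ]
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.0.2.10,DNS:www.example.com,DNS:example.com
EOF
}

build() {       # $1 = working directory; creates key, CSR and self-signed cert
    write_cnf "$1/server.cnf" &&
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" &&    # private key readable by its owner only
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -config "$1/server.cnf" &&
    openssl req -x509 -new -days 3650 -key "$1/server.key" \
        -out "$1/server.crt" -config "$1/server.cnf" -extensions cert_type
}

san_list() {    # $1 = x509|req, $2 = file; prints one SAN entry per line
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

has_san() {     # exact match, so DNS:example.com does not match a longer name
    san_list "$1" "$2" | grep -qxF "$3"
}

sig_alg() {     # signature algorithm of certificate $1
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Signature Algorithm: *//p' | head -n 1 | tr -d ' '
}

key_matches() { # does certificate $1 carry the public key of private key $2?
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}
```

Call build on a scratch directory, then for example has_san x509 server.crt 'DNS:example.com'; note that openssl prints IP entries as "IP Address:192.0.2.10", so that is the form has_san expects.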