Creating server certificate: Difference between revisions
From VVCWiki
Jump to navigationJump to search
No edit summary |
mNo edit summary |
||
| Line 22: | Line 22: | ||
# Organization (eg. company) | # Organization (eg. company) | ||
O= | O=Vadym Chepkov | ||
# Organizational Unit Name (eg. section) | # Organizational Unit Name (eg. section) | ||
Latest revision as of 14:05, 7 October 2018
Create openssl config file
Here is an example of server.cnf
[ req ] default_bits = 2048 default_md = sha256 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Virginia # Locality Name (eg. city) L=Leesburg # Organization (eg. company) O=Vadym Chepkov # Organizational Unit Name (eg. section) OU=IT # Common Name (*.example.com is also possible) CN=chepkov.com # E-mail contact emailAddress=vvc@chepkov.com [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=DNS:www.chepkov.com,DNS:chepkov.com,IP:50.116.54.18
- Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.
Generate server private key
openssl genrsa -out server.key 2048
Generate certificate request
openssl req -new -key server.key -out server.csr -config server.cnf
Now you need to send your request to a certificate authority or if you have your own, sign the request (see example) You will get server certificate server.crt
Generate self-signed certificate
openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type
