Creating server certificate: Difference between revisions
From VVCWiki
Line 6: | Line 6: | ||
[ req ] | [ req ] | ||
default_bits = 2048 | default_bits = 2048 | ||
default_md = | default_md = sha2 | ||
distinguished_name = req_dn | distinguished_name = req_dn | ||
req_extensions = cert_type | req_extensions = cert_type |
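Review bot: on the revised side, `default_md = sha2` names a hash family rather than a specific digest. OpenSSL digest names identify one function (sha256, sha384, sha512), so this line should read `default_md = sha256`. Filling in the previously empty value is the right move, but it is worth confirming the result by checking the "Signature Algorithm" line of a request generated from this file.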
Revision as of 13:39, 16 February 2016
Create openssl config file
Here is an example of server.cnf
[ req ]
default_bits = 2048
# digest used to sign the request; OpenSSL expects a specific digest name such as sha256, not "sha2"
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=US
# State or Province Name (full name)
ST=Missouri
# Locality Name (eg. city)
L=St. Louis
# Organization (eg. company)
O=IVK/VVC
# Organizational Unit Name (eg. section)
OU=VPS1 server
# Common Name (*.example.com is also possible)
CN=vps1.chepkov.com
# E-mail contact
emailAddress=root@ivk.com.au

[ cert_type ]
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au
- Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.
Generate server private key
openssl genrsa -out server.key 2048
Generate certificate request
openssl req -new -key server.key -out server.csr -config server.cnf
Now you need to send your request to a certificate authority or, if you have your own, sign the request (see example). You will get the server certificate server.crt.
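Before the request leaves your machine, it is worth confirming that it carries what the config file intended. The following is an added example, not part of the original wiki page: `check_csr` and `make_sample_csr` are hypothetical helper names, and the sample config uses constructed names (www.example.com, 192.0.2.10). It assumes an RSA key, as generated above.

```sh
# Added example (not from the wiki): sanity-check a CSR before it goes to the CA.
# usage: check_csr FILE EXPECTED_SAN...   (SANs written the way openssl prints them)
check_csr() {
    csr=$1; shift
    # 1. Self-signature must verify. Match the message rather than the exit
    #    status, since some openssl releases exit 0 on a failed verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: self-signature does not verify" >&2; return 1; }
    text=$(openssl req -in "$csr" -noout -text) || return 1
    # 2. Reject requests signed with a SHA-1 or MD5 digest.
    if printf '%s\n' "$text" | grep 'Signature Algorithm' | grep -Eiq 'sha1|md5'; then
        echo "FAIL: weak signature digest" >&2; return 1
    fi
    # 3. RSA key of at least 2048 bits (the page generates RSA keys).
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits" >&2; return 1; }
    # 4. Every expected SAN must appear as a whole entry, not as a substring.
    sans=$(printf '%s\n' "$text" |
        awk '/Subject Alternative Name/ { getline; gsub(/^ +| +$/, ""); print; exit }')
    for want in "$@"; do
        case ", $sans," in
            *", $want,"*) ;;
            *) echo "FAIL: SAN '$want' missing (found: $sans)" >&2; return 1 ;;
        esac
    done
    echo "OK: $csr ($bits-bit key; SANs: $sans)"
}

# Build a constructed key and CSR in directory $1 (all names are sample values).
make_sample_csr() {
    cat > "$1/sample.cnf" <<'EOF'
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no
[ req_dn ]
CN = www.example.com
[ cert_type ]
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.0.2.10,DNS:www.example.com,DNS:example.com
EOF
    openssl genrsa -out "$1/sample.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/sample.key" -out "$1/sample.csr" -config "$1/sample.cnf"
}
```

For the request generated on this page the call would be `check_csr server.csr "IP Address:209.20.74.232" DNS:vps1.chepkov.com DNS:ivk.com.au`; note that openssl prints IP entries as `IP Address:` in the text output.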