Creating server certificate

From VVCWiki
Revision as of 14:05, 7 October 2018 by Vvc

Create openssl config file

Here is an example of server.cnf:

[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=US

# State or Province Name (full name)
ST=Virginia

# Locality Name (eg. city)
L=Leesburg

# Organization (eg. company)
O=Vadym Chepkov

# Organizational Unit Name (eg. section)
OU=IT

# Common Name (*.example.com is also possible)
CN=chepkov.com

# E-mail contact
emailAddress=vvc@chepkov.com

[ cert_type ]
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:www.chepkov.com,DNS:chepkov.com,IP:50.116.54.18

  • Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.

Generate server private key

openssl genrsa -out server.key 2048

Generate certificate request

openssl req -new -key server.key -out server.csr -config server.cnf

Now send your request to a certificate authority or, if you have your own, sign the request (see example). You will get the server certificate, server.crt.

Generate self-signed certificate

openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type
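
Verify the result

It is worth checking server.csr before sending it and server.crt once you have it: a CA is not obliged to copy the requested extensions, and `req -x509` only applies the cert_type section because `-extensions cert_type` is passed. The script below is an added example, not part of the original page; has_san, key_matches and pem_kind are hypothetical helper names, and IP entries are written the way openssl prints them (`IP Address:`).

```shell
#!/bin/sh
# Added example (not from the original page): verify SANs and key ownership.
# has_san, key_matches and pem_kind are hypothetical helper names.

# Pick the openssl subcommand for a PEM file: "req" for a CSR, else "x509".
pem_kind() {
    if grep -q 'CERTIFICATE REQUEST-----' "$1"; then echo req; else echo x509; fi
}

# has_san FILE NAME...
# Succeeds only if every NAME is listed in FILE's subjectAltName extension.
# Names use openssl's text form: DNS:host, or "IP Address:a.b.c.d" for IPs.
has_san() {
    file=$1; shift
    sans=$(openssl "$(pem_kind "$file")" -in "$file" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/^ +| +$/, ""); print }')
    for want in "$@"; do
        case ", $sans," in
            *", $want,"*) ;;
            *) echo "$file: missing SAN $want" >&2; return 1 ;;
        esac
    done
    return 0
}

# key_matches KEY FILE
# Succeeds only if FILE (CSR or certificate) carries the public half of KEY.
key_matches() {
    from_key=$(openssl pkey -in "$1" -pubout) || return 1
    from_file=$(openssl "$(pem_kind "$2")" -in "$2" -noout -pubkey) || return 1
    [ "$from_key" = "$from_file" ]
}

# Check the files produced by the commands on this page, if they exist.
for f in server.csr server.crt; do
    [ -f "$f" ] && [ -f server.key ] || continue
    has_san "$f" DNS:www.chepkov.com DNS:chepkov.com "IP Address:50.116.54.18" &&
        key_matches server.key "$f" && echo "$f: SANs present, key matches"
done
```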