Ubuntu/openssl
From r00tedvw.com wiki
(Difference between revisions)
(→Oracle Linux) |
|||
| Line 27: | Line 27: | ||
~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extfile openssl.cnf | ~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extfile openssl.cnf | ||
</nowiki> | </nowiki> | ||
| + | |||
| + | ====Converting to PKCS12==== | ||
| + | You may want to first merge the certs into a single CRT like [http://stackoverflow.com/questions/22618108/adding-an-intermediate-certificates-to-a-pkcs12-file this].<br> | ||
| + | Export to PKCS12: | ||
| + | <nowiki>$ openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key -out san_domain_com.p12 | ||
| + | Enter Export Password: | ||
| + | Verifying - Enter Export Password:</nowiki> | ||
Revision as of 14:01, 29 November 2016
common openssl commands http://www.sslshopper.com/article-most-common-openssl-commands.html
generating a SSL cert with a SAN http://apetec.com/support/GenerateSAN-CSR.htm
Generating SAN Certificate
Oracle Linux
find openssl.cnf. I found it located at:
/etc/pki/tls/openssl.cnf
Verify this is present and uncommented:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req
You'll probably need to add the following:
[ v3_req ] subjectAltName = @alt_names
[alt_names] DNS.1 = domain1.com DNS.2 = sub.domain1.com DNS.3 = domain2.com
Now we need to create the Key, CSR, and CRT
~$ openssl genrsa -out san_domain_com.key 2048 ~$ openssl req -new -out san_domain_com.csr -key san_domain_com.key -config openssl.cnf ~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extfile openssl.cnf
Converting to PKCS12
You may want to first merge the certs into a single CRT like this.
Export to PKCS12:
$ openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key -out san_domain_com.p12 Enter Export Password: Verifying - Enter Export Password:
