Ubuntu/openssl
From r00tedvw.com wiki
(Difference between revisions)
(→Converting to PKCS12) |
|||
| Line 31: | Line 31: | ||
You may want to first merge the certs into a single CRT like [http://stackoverflow.com/questions/22618108/adding-an-intermediate-certificates-to-a-pkcs12-file this].<br> | You may want to first merge the certs into a single CRT like [http://stackoverflow.com/questions/22618108/adding-an-intermediate-certificates-to-a-pkcs12-file this].<br> | ||
Export to PKCS12: | Export to PKCS12: | ||
| − | <nowiki>$ openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key -out san_domain_com.p12 | + | <nowiki>$ openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key -out san_domain_com.p12 -name alias_self_signed |
Enter Export Password: | Enter Export Password: | ||
Verifying - Enter Export Password:</nowiki> | Verifying - Enter Export Password:</nowiki> | ||
Revision as of 14:07, 29 November 2016
common openssl commands http://www.sslshopper.com/article-most-common-openssl-commands.html
generating a SSL cert with a SAN http://apetec.com/support/GenerateSAN-CSR.htm
Generating SAN Certificate
Oracle Linux
find openssl.cnf. I found it located at:
/etc/pki/tls/openssl.cnf
Verify this is present and uncommented:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req
You'll probably need to add the following:
[ v3_req ] subjectAltName = @alt_names
[alt_names] DNS.1 = domain1.com DNS.2 = sub.domain1.com DNS.3 = domain2.com
Now we need to create the Key, CSR, and CRT
~$ openssl genrsa -out san_domain_com.key 2048 ~$ openssl req -new -out san_domain_com.csr -key san_domain_com.key -config openssl.cnf ~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extfile openssl.cnf
Converting to PKCS12
You may want to first merge the certs into a single CRT like this.
Export to PKCS12:
$ openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key -out san_domain_com.p12 -name alias_self_signed Enter Export Password: Verifying - Enter Export Password:
