Ubuntu/openssl
From r00tedvw.com wiki
(Difference between revisions)
(→Oracle Linux) |
|||
| Line 4: | Line 4: | ||
generating a SSL cert with a SAN | generating a SSL cert with a SAN | ||
http://apetec.com/support/GenerateSAN-CSR.htm | http://apetec.com/support/GenerateSAN-CSR.htm | ||
| − | + | ==Generating SAN Certificate== | |
| − | ==Oracle Linux== | + | ===Oracle Linux=== |
find <code>openssl.cnf</code>. I found it located at: | find <code>openssl.cnf</code>. I found it located at: | ||
<nowiki>/etc/pki/tls/openssl.cnf</nowiki> | <nowiki>/etc/pki/tls/openssl.cnf</nowiki> | ||
| Line 20: | Line 20: | ||
DNS.2 = sub.domain1.com | DNS.2 = sub.domain1.com | ||
DNS.3 = domain2.com</nowiki> | DNS.3 = domain2.com</nowiki> | ||
| + | |||
| + | Now we need to create the Key, CSR, and CRT | ||
| + | <nowiki> | ||
| + | ~$ openssl genrsa -out san_domain_com.key 2048 | ||
| + | ~$ openssl req -new -out san_domain_com.csr -key san_domain_com.key -config openssl.cnf | ||
| + | ~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt-extensions v3_req -extfile openssl.cnf | ||
| + | </nowiki> | ||
Revision as of 13:38, 29 November 2016
common openssl commands http://www.sslshopper.com/article-most-common-openssl-commands.html
generating a SSL cert with a SAN http://apetec.com/support/GenerateSAN-CSR.htm
Generating SAN Certificate
Oracle Linux
find openssl.cnf. I found it located at:
/etc/pki/tls/openssl.cnf
Verify this is present and uncommented:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req
You'll probably need to add the following:
[ v3_req ] subjectAltName = @alt_names
[alt_names] DNS.1 = domain1.com DNS.2 = sub.domain1.com DNS.3 = domain2.com
Now we need to create the Key, CSR, and CRT
~$ openssl genrsa -out san_domain_com.key 2048 ~$ openssl req -new -out san_domain_com.csr -key san_domain_com.key -config openssl.cnf ~$ openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt-extensions v3_req -extfile openssl.cnf
