Changes

98 bytes removed ,  20:27, 6 March 2018
Line 161: Line 161:     
= Self Signed Option 2 =
 
= Self Signed Option 2 =
<source lang="markup">1. Copy your openssl.cnf.
+
# Copy your openssl.cnf.
 +
#:<pre> cp /usr/lib/ssl/openssl.cnf ./</pre>
 +
# Modify the configuration file template at ./openssl.cnf and make the following changes:
 +
#:<pre>
 +
#::In section [req]
 +
#::req_extensions = v3_req # The extensions to add to a certificate request
 +
#::Insection [v3_req]
 +
#::subjectAltName = @alt_names
 +
#::At the end of the configuraiton file
 +
#::[ alt_names ]
 +
#::DNS.1 = hostname.example.com</pre>
 +
# Generate your certificate key
 +
#:<pre>openssl genrsa -out hostname.example.com.key 2048</pre>
 +
# Use the certificate key and the new openssl.cnf file to create a Certificate Signing Request (CSR):
 +
#:<pre>openssl req -new -key hostname.example.com.key -out hostname.example.com.csr -extensions v3_req -config openssl.cnf</pre>
 +
# You may either use the generated CSR to obtain a signed certificate from a recognized Certificate Authority (CA). Or, for testing purposes, you may use this to generate a self-signed certificate as follows:
 +
#: Create a new configuration file, v3.cnf, that can host the information for the v3 requirements. Edit it to contain the following lines:
 +
#::<pre>[v3_req]
 +
#:::subjectAltName = @alt_names
 +
#:::[alt_names]
 +
#:::DNS.1 = hostname.example.com
 +
# Run the following OpenSSL command to generate a self-signed certificate using the CSR and your local key:
 
   
 
   
  ```
+
openssl x509 -req -days 365 -in hostname.example.com.csr -signkey hostname.example.com.key -out hostname.example.com.crt -extensions v3_req -extfile v3.cnf
  cp /etc/pki/tls/openssl.cnf ./
  −
  ```
  −
 
  −
2. Modify the configuration file template at ./openssl.cnf and make the following changes:
  −
  - In section [req]
  −
 
  −
  ```
  −
  req_extensions = v3_req # The extensions to add to a certificate request
  −
  ```
  −
 
  −
- Insection [v3_req]
  −
  −
```
  −
subjectAltName = @alt_names
  −
```
  −
- At the end of the configuraiton file
  −
  −
  ```
  −
[ alt_names ]
  −
  DNS.1 = hostname.example.com
  −
  ```
  −
 
  −
3. Generate your certificate key
  −
  −
  ```
  −
  openssl genrsa -out hostname.example.com.key 2048
  −
  ```
  −
 
  −
4. Use the certificate key and the new openssl.cnf file to create a Certificate Signing Request (CSR):
  −
 
  −
  ```
  −
  openssl req -new -key hostname.example.com.key -out hostname.example.com.csr -extensions v3_req -config openssl.cnf
  −
  ```
  −
 
  −
5. You may either use the generated CSR to obtain a signed certificate from a recognized Certificate Authority (CA). Or, for testing purposes, you may use this to generate a self-signed certificate as follows:
  −
  - Create a new configuration file, v3.cnf, that can host the information for the v3 requirements. Edit it to contain the following lines:
  −
  −
  ```
  −
  [v3_req]
  −
  subjectAltName = @alt_names
  −
  [alt_names]
  −
  DNS.1 = hostname.example.com
  −
  ```
  −
 
  −
  - Run the following OpenSSL command to generate a self-signed certificate using the CSR and your local key:
  −
  −
  ```
  −
  openssl x509 -req -days 365 -in hostname.example.com.csr -signkey hostname.example.com.key -out hostname.example.com.crt -extensions v3_req -extfile v3.cnf
  −
  ```</source>
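Review bot: The `<pre>` opened at `#::<pre>[v3_req]` is never closed, and the final `openssl x509 -req ...` line has neither a `#:` prefix nor a `<pre>` wrapper, so the v3.cnf block runs on into the next step and the command falls outside the numbered list. Close the block after `DNS.1 = hostname.example.com` and wrap the command as `#:<pre>openssl x509 ...</pre>`. The list markers kept inside the `<pre>` blocks (for example `#::req_extensions = v3_req` and `#:::subjectAltName = @alt_names`) will be shown literally, and because `#` starts a comment in openssl.cnf, a reader who pastes those lines ends up with no subjectAltName in the request; drop the markers inside `<pre>` and move the "In section [req]" style hints outside it. The typos `Insection` and `configuraiton` are carried over from the old text and could be fixed in the same edit. The copy step now uses `/usr/lib/ssl/openssl.cnf` where the old text had `/etc/pki/tls/openssl.cnf`; the location is distribution-specific, so it would help to say so and point readers at `openssl version -d` to find the right directory.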
 
