From LedHed's Wiki
Revision as of 02:42, 31 March 2016
Overview
Create a Key
Create a server key in PEM format:
openssl genrsa -out server.key 2048
Create a Config File
Normally, when you generate a CSR you are prompted with several questions like Country, State, yadda yadda. You can create a config file which pre-populates these fields. In this case we will use this config file to add in the Subject Alternative Names (SAN). Save it as server.conf, the file name passed to -config when creating the CSR.
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = Sacramento
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.yourdomain.com
DNS.2 = webmail.yourdomain.com
DNS.3 = www.otherdomain.com
You can modify the above settings to suit your needs. The most important part is the [alt_names] section. This is where we add the other domains (SAN). You will be able to override the other info when creating the CSR in the next section.
Note: when prompted for commonName, enter your primary domain name.
Create a CSR
Create a server "Certificate Signing Request" (CSR):
openssl req -new -key server.key -out server.csr -config server.conf
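Added example (not part of the original wiki page): before sending the CSR to a CA, confirm that it really carries the SAN entries from [alt_names]. The function names csr_sans and csr_missing_sans are made up for this sketch, and the demo uses a cut-down, non-interactive (prompt = no) copy of the config above in a temporary directory.

```shell
#!/bin/sh
# Print the DNS names in a CSR's subjectAltName extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Print each expected name that is absent from the CSR.
# Returns 0 when every expected name is present, 1 otherwise.
csr_missing_sans() {
    csr=$1; shift
    found=$(csr_sans "$csr")
    rc=0
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$name" || { echo "$name"; rc=1; }
    done
    return $rc
}

# Constructed demo: build a CSR from a cut-down copy of the page's config.
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
commonName = www.yourdomain.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.yourdomain.com
DNS.2 = webmail.yourdomain.com
DNS.3 = www.otherdomain.com
EOF
openssl genrsa -out "$demo_dir/server.key" 2048 2>/dev/null
openssl req -new -key "$demo_dir/server.key" -out "$demo_dir/server.csr" \
    -config "$demo_dir/server.conf"

csr_sans "$demo_dir/server.csr"
csr_missing_sans "$demo_dir/server.csr" www.yourdomain.com www.otherdomain.com \
    && echo "all expected names present"
```

If req_extensions is missing from [req], or the -config option is left off the openssl req command, the CSR is created without any SAN extension and csr_missing_sans reports every expected name.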