OpenSSL CSR with SAN: Difference between revisions
From KlavoWiki
Jump to navigationJump to search
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
= Create Request = | = Create Request = | ||
<pre> | <pre> | ||
openssl req -new -newkey rsa:4096 -nodes -config ssl.conf -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" -outform pem -out sslrequest.csr -keyout private.key | openssl req -new -newkey rsa:4096 -nodes -config /opt/ssl.conf -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" -outform pem -out sslrequest.csr -keyout private.key | ||
</pre> | </pre> | ||
= Verify Request File = | = Verify Request File = | ||
Line 45: | Line 43: | ||
[ alt_names ] | [ alt_names ] | ||
DNS.1 = | DNS.1 = mail.testforme.com | ||
DNS.2 = | DNS.2 = autodiscover.testforme.com | ||
DNS.3 | DNS.3 = mail.klaverstyn.com | ||
DNS.4 = autodiscover.klaverstyn.com | |||
DNS. | DNS.5 = mail.klaverstyn.com.au | ||
DNS. | DNS.6 = autodiscover.klaverstyn.com.au | ||
DNS. | DNS.7 = home.klaverstyn.com.au | ||
DNS. | DNS.8 = mail.home.klaverstyn.com.au | ||
DNS. | |||
</pre> | </pre> | ||
[[Category : Linux]] | [[Category : Linux]] |
Latest revision as of 13:02, 7 May 2020
Create Request
openssl req -new -newkey rsa:4096 -nodes -config /opt/ssl.conf -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" -outform pem -out sslrequest.csr -keyout private.key
Verify Request File
openssl req -in sslrequest.csr -noout -text -verify
Configuration File
vi /opt/ssl.conf
[ req ] default_bits = 4096 default_keyfile = privkey.pem default_md = sha256 distinguished_name = req_distinguished_name req_extensions = req_ext attributes = req_attributes [ req_distinguished_name ] countryName_default = AU stateOrProvinceName_default = Queensland localityName_default = Ipswich commonName_default = email.testforme.com emailAddress_default = postmaster@testforme.com organizationName_default = No Org organizationalUnitName_default = No Unit [ req_attributes ] # We don't want these, but the section must exist [ req_ext ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = clientAuth,serverAuth subjectAltName = @alt_names [ alt_names ] DNS.1 = mail.testforme.com DNS.2 = autodiscover.testforme.com DNS.3 = mail.klaverstyn.com DNS.4 = autodiscover.klaverstyn.com DNS.5 = mail.klaverstyn.com.au DNS.6 = autodiscover.klaverstyn.com.au DNS.7 = home.klaverstyn.com.au DNS.8 = mail.home.klaverstyn.com.au