OpenSSL CSR with SAN: Difference between revisions
Created page with "<pre> openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config /opt/ssl.conf </pre> <pre> vi /opt/ssl.conf </pre> <pre> [ req ] default_bits =..." |
No edit summary |
||
Line 1: | Line 1: | ||
= Create Request = | |||
<pre> | <pre> | ||
openssl req - | openssl req -new -newkey rsa:4096 -nodes -config ssl.conf -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" -outform pem -out sslrequest.csr -keyout private.key | ||
</pre> | </pre> | ||
= Verify Request File = | |||
<pre> | |||
openssl req -in sslrequest.csr -noout -text -verify | |||
</pre> | |||
= Configuration File = | |||
<pre> | <pre> | ||
vi /opt/ssl.conf | vi /opt/ssl.conf | ||
Line 9: | Line 19: | ||
<pre> | <pre> | ||
[ req ] | [ req ] | ||
default_bits = | default_bits = 4096 | ||
default_keyfile = privkey.pem | |||
default_md = sha256 | |||
distinguished_name = req_distinguished_name | distinguished_name = req_distinguished_name | ||
req_extensions = req_ext | req_extensions = req_ext | ||
attributes = req_attributes | |||
[ req_distinguished_name ] | [ req_distinguished_name ] | ||
countryName_default = AU | |||
stateOrProvinceName_default = Queensland | |||
localityName_default = Ipswich | |||
commonName_default = email.testforme.com | |||
emailAddress_default = postmaster@testforme.com | |||
organizationName_default = No Org | |||
organizationalUnitName_default = No Unit | |||
[ req_attributes ] | |||
# We don't want these, but the section must exist | |||
[ req_ext ] | [ req_ext ] | ||
subjectAltName = @alt_names | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
extendedKeyUsage = clientAuth,serverAuth | |||
subjectAltName = @alt_names | |||
[alt_names] | [ alt_names ] | ||
DNS.1 = mail.testforme.com | DNS.1 = email.testforme.com | ||
DNS. | DNS.2 = mail.testforme.com | ||
DNS. | DNS.3 = autodiscover.testforme.com | ||
DNS. | DNS.4 = mail.klaverstyn.com | ||
DNS. | DNS.5 = autodiscover.klaverstyn.com | ||
DNS.6 = mail.klaverstyn.com.au | |||
DNS.7 = autodiscover.klaverstyn.com.au | |||
DNS.8 = home.klaverstyn.com.au | |||
DNS.9 = mail.home.klaverstyn.com.au | |||
</pre> | </pre> | ||
[[Category : Linux]] | [[Category : Linux]] |
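Review bot: The new request command under "Create Request" passes `-config ssl.conf`, while the page still tells the reader to edit `/opt/ssl.conf`. Run from any other directory, the command either fails or reads a different ssl.conf, and the CSR may then lack the intended SAN list; use `-config /opt/ssl.conf`, as the first revision did. The same command keeps `-nodes`, which writes private.key unencrypted, so the page should carry a caveat such as `# private.key is unencrypted (-nodes): keep it owner-readable only and never send it with the CSR`. The new "Verify Request File" step would also benefit from one sentence telling readers to confirm that all nine DNS entries appear under "X509v3 Subject Alternative Name" in the output.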
Revision as of 12:49, 7 May 2020
Create Request
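# Generate a new 4096-bit RSA key and a CSR in one step.
# -config points at the same file the "Configuration File" step edits (/opt/ssl.conf),
# so the SAN list in its req_ext section is picked up regardless of the working directory.
# -subj sets the subject directly on the command line.
# -nodes leaves private.key unencrypted: keep it owner-readable only and never
# send it to the CA along with the CSR.
openssl req -new -newkey rsa:4096 -nodes \
    -config /opt/ssl.conf \
    -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" \
    -outform pem -out sslrequest.csr \
    -keyout private.key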
Verify Request File
# Check the CSR's self-signature and print its contents without re-emitting the PEM.
# In the output, confirm that every expected hostname is listed under
# "X509v3 Subject Alternative Name" before submitting the request.
openssl req -verify -noout -text -in sslrequest.csr
Configuration File
# Open the OpenSSL request configuration file for editing.
vi /opt/ssl.conf
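# OpenSSL request configuration, read by `openssl req -config`.
# One directive per line: anything following a '#' on the same line is treated
# as a comment, so the sections must not be run together on a single line.
# Options given on the command line (-newkey, -keyout, -subj) take precedence
# over the matching defaults in this file.

[ req ]
# Key size in bits, used when the command line does not specify one.
default_bits = 4096
# File the private key is written to when -keyout is not given.
default_keyfile = privkey.pem
# Digest used to sign the request.
default_md = sha256
distinguished_name = req_distinguished_name
# Section holding the X.509v3 extensions to place in the CSR.
req_extensions = req_ext
attributes = req_attributes

[ req_distinguished_name ]
# NOTE(review): only *_default values are defined here and no prompt entries;
# the documented command supplies the subject with -subj, so these appear to be
# unused - confirm before relying on them.
countryName_default = AU
stateOrProvinceName_default = Queensland
localityName_default = Ipswich
commonName_default = email.testforme.com
emailAddress_default = postmaster@testforme.com
organizationName_default = No Org
organizationalUnitName_default = No Unit

[ req_attributes ]
# We don't want these, but the section must exist

[ req_ext ]
# These are requests only; the issuing CA decides what ends up in the certificate.
# NOTE(review): nonRepudiation and clientAuth are broader than a TLS server
# certificate normally needs - confirm they are required.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName = @alt_names

[ alt_names ]
# Every hostname the certificate must cover. DNS.1 repeats the CN used in -subj,
# since clients match hostnames against the SAN list.
DNS.1 = email.testforme.com
DNS.2 = mail.testforme.com
DNS.3 = autodiscover.testforme.com
DNS.4 = mail.klaverstyn.com
DNS.5 = autodiscover.klaverstyn.com
DNS.6 = mail.klaverstyn.com.au
DNS.7 = autodiscover.klaverstyn.com.au
DNS.8 = home.klaverstyn.com.au
DNS.9 = mail.home.klaverstyn.com.au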