...

In response to the second command, the OpenSSL utility prompts for a number of specifications for the Distinguished Name, i.e. the unique name of the Root CA Certificate:

...

Create Server Certificate

```bash
# Specify the server for which the certificate should be created
server=somehost

# Step 1 - Generate Private Key and Certificate Signing Request
# -nodes leaves the private key unencrypted on disk. -days has no effect on a
# request created without -x509; the validity period is set in step 2.
openssl req -new -config openssl-cert.config -extensions 'standard exts' -nodes \
    -days 7300 -newkey rsa:4096 -keyout "${server}.key" -out "${server}.csr"

# Step 2 - Generate and sign the Server Certificate
# By default x509 -req does not copy extensions from the request, so they are
# supplied through -extfile. The <( ... ) process substitution requires bash.
openssl x509 -req \
    -in "${server}.csr" \
    -CA root-ca.crt \
    -CAkey root-ca.key \
    -CAcreateserial \
    -out "${server}.crt" -days 7300 \
    -extfile <(printf 'subjectAltName=DNS:%s\nnsCertType = client, server\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n' "${server}")
```
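
A certificate issued in steps 1 and 2 can be checked before it is deployed: the following added example (not part of the original page) verifies that it chains to the Root CA, is accepted for TLS server use, names the host in its subjectAltName, and belongs to the generated private key. The function names, the files `demo.cnf` and `ext.cnf`, the "Demo Root CA" subject, the 2048-bit keys and the 30-day validity are assumptions constructed for the demo.

```bash
#!/bin/sh
# Added example, not from the original page. The demo CA, keys and
# certificates are constructed test data written to a temporary directory.

# make_demo_pki DIR HOST: throwaway root CA plus a server certificate for
# HOST, signed as in step 2 (extensions supplied through -extfile).
make_demo_pki() {
    dir=$1; host=$2
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' 'prompt=no' \
        '[dn]' 'CN=Demo Root CA' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' \
        > "$dir/demo.cnf"
    printf 'subjectAltName=DNS:%s\nnsCertType = client, server\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n' "$host" > "$dir/ext.cnf"
    openssl req -x509 -new -config "$dir/demo.cnf" -nodes -newkey rsa:2048 -days 30 \
        -keyout "$dir/root-ca.key" -out "$dir/root-ca.crt" 2>/dev/null || return 1
    openssl req -new -config "$dir/demo.cnf" -subj "/CN=$host" -nodes -newkey rsa:2048 \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/root-ca.crt" -CAkey "$dir/root-ca.key" \
        -CAcreateserial -out "$dir/$host.crt" -days 30 -extfile "$dir/ext.cnf" 2>/dev/null
}

# check_server_cert ROOT_CA CERT KEY HOST: succeed only if CERT chains to
# ROOT_CA, is valid for TLS server use, names HOST, and matches KEY.
check_server_cert() {
    # Chain, purpose and hostname are validated in one call
    openssl verify -CAfile "$1" -purpose sslserver -verify_hostname "$4" "$2" \
        >/dev/null 2>&1 || return 1
    # The public key in the certificate must equal the one derived from KEY
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run on constructed data
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" somehost &&
    check_server_cert "$demo_dir/root-ca.crt" "$demo_dir/somehost.crt" \
        "$demo_dir/somehost.key" somehost &&
    echo "somehost.crt: chain, purpose, hostname and key all check out"
rm -rf "$demo_dir"
```

Against real output from steps 1 and 2, call `check_server_cert root-ca.crt "${server}.crt" "${server}.key" "${server}"` in the directory holding those files.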

...