Page History
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify server for which the certificate should be created
SERVER=somehost
# Step 1 - Generate Private Key and Certificate Signing Request
openssl req -new -config openssl-cert.config -extensions 'standard exts' -nodes \
-days 7300 -newkey rsa:4096 -keyout ${SERVER}.key -out ${SERVER}.csr
# Step 2 - Generate and Sign the Server Certificate
openssl x509 -req \
-in ${SERVER}.csr \
-CA root-ca.crt \
-CAkey root-ca.key \
-CAcreateserial \
-out ${SERVER}.crt -days 7300 \
-extfile <(printf "subjectAltName=DNS:${SERVER}\nnsCertType = client, server\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n") |
...
Code Block | ||||
---|---|---|---|---|
| ||||
./create_certificate.sh --dns=<server-hostname>[,<server-hostname>]> --days=<number-of-days> # Example ./create_certificate.sh --dns=apmaccs,apmaccs.sos.local --days=365 |
Overview
Content Tools