Page History
...
As a response to the second command the OpenSSL utility prompts for a number of specifications for the Distinguished Distinguished Name, i.e. the unique name of the Root CA Certificate:
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Specify server for which the certificate should be created server=somehost # Step 1 - Generate Private Key and Certificate Signing Request openssl req -new -config openssl-cert.config -extensions 'standard exts' -nodes \ -days 7300 -newkey rsa:4096 -keyout ${server}.key -out ${server}.csr # Step 2 - Generate and Signsign the Server Certificate openssl x509 -req \ -in ${server}.csr \ -CA root-ca.crt \ -CAkey root-ca.key \ -CAcreateserial \ -out ${server}.crt -days 7300 \ -extfile <(printf 'subjectAltName=DNS:%s\nnsCertType = client, server\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth, clientAuth\n' "${server}") |
...
Overview
Content Tools