software:certs:create_selfsigned_cert

What?

Creating a plain self-signed cert, e.g. for use with a web server. The client has to verify authenticity by other means, for example by checking the fingerprint.

Creating a self-signed X.509 cert with alternate names.

$ cat >ossl.cnf<<EOT
[req]
req_extensions = v3_req
distinguished_name      = req_distinguished_name

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = DE
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Thuringia
localityName                    = Locality Name (eg, city)
localityName_default            = Muehlhausen
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Freespeach noorg
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = noou
commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_max                = 64

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = wiki.fluxcoil.net
DNS.2 = www.fluxcoil.net
DNS.3 = mail.fluxcoil.net
EOT

$ openssl genrsa -out fluxcoil.net_201507.key 4096
$ openssl req -new -out fluxcoil.net_201507.csr -nodes -sha256 \
    -key fluxcoil.net_201507.key -config ossl.cnf
$ openssl req -text -noout -in fluxcoil.net_201507.csr
$ openssl x509 -in fluxcoil.net_201507.csr \
    -out fluxcoil.net_201507.cert -req -signkey fluxcoil.net_201507.key \
    -days 3650 -extensions v3_req -extfile ossl.cnf
$ openssl x509 -in fluxcoil.net_201507.cert -noout -text
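
Since the client has to verify such a cert by its fingerprint, here is one way to script that comparison. This is an added example, not part of the original page; the function names and the throwaway subject pin-demo.example are assumptions, and the pin itself must reach the client over a separate trusted channel.

```sh
#!/bin/sh
# Added example: compare a certificate's SHA-256 fingerprint with a pinned value.
# All function names here are hypothetical helpers, not openssl features.

# Print the SHA-256 fingerprint of a PEM cert as 64 lowercase hex digits.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint as pasted by a human: drop colons, blanks and
# newlines, fold to lowercase.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# verify_pin CERT PINNED
# returns 0 = match, 1 = mismatch, 2 = unusable pin or unreadable cert
verify_pin() {
    pinned=$(normalise_fp "$2")
    # A SHA-256 pin is exactly 64 hex digits; refuse truncated or garbled
    # pins instead of comparing against a prefix.
    case $pinned in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#pinned}" -eq 64 ] || return 2
    actual=$(cert_fp "$1" 2>/dev/null) || return 2
    [ -n "$actual" ] || return 2
    [ "$actual" = "$pinned" ]
}

# Create a throwaway self-signed cert in directory $1 for trying this out
# (constructed sample; 1 day validity, subject is a placeholder).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj '/CN=pin-demo.example' \
        -keyout "$1/demo.key" -out "$1/demo.cert" 2>/dev/null
}

# Usage on the server, to publish the pin:
#   cert_fp fluxcoil.net_201507.cert
# Usage on the client, after saving the presented cert to seen.cert:
#   verify_pin seen.cert "<pin received out of band>" && echo "pin matches"
```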

software/certs/create_selfsigned_cert.txt · Last modified: 2022/11/13 12:06 by 127.0.0.1