Step 1: Create a file san.cnf file and add below content to it.
########################Create a file san.cnf file################
[ req ]
default_bits = 2048
distinguished_name = subject
x509_extensions = x509_ext
string_mask = utf8only
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
# Its sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = IN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MAH
localityName = Locality Name (eg, city)
localityName_default = MUM
organizationName = Organization Name (eg, company)
organizationName_default = MBOX
# Use a friendly name here because it's presented to the user. The server's DNS
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = www.MBbox.com
emailAddress = middlewarebox@gmail.com
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
# omit keyEncipherment because that's key transport.
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = www.mbox123.com
DNS.2 = middlewarebox.com
DNS.3 = www.qwerty.com
###################################################################
Step 2: Use below the below command.
Command:
export OPENSSL_CONF=/etc/httpd/conf.d/san.cnf
Step 3: Below command and press enter till exit.
command:
openssl req -x509 -sha256 -nodes -days 1365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Step 4: Add these generated Keyfile & certificate location in apache-web (ssl.conf) file.
Step 5: Check from browser
########################Create a file san.cnf file################
[ req ]
default_bits = 2048
distinguished_name = subject
x509_extensions = x509_ext
string_mask = utf8only
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
# Its sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = IN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MAH
localityName = Locality Name (eg, city)
localityName_default = MUM
organizationName = Organization Name (eg, company)
organizationName_default = MBOX
# Use a friendly name here because it's presented to the user. The server's DNS
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = www.MBbox.com
emailAddress = middlewarebox@gmail.com
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
# omit keyEncipherment because that's key transport.
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = www.mbox123.com
DNS.2 = middlewarebox.com
DNS.3 = www.qwerty.com
###################################################################
Step 2: Use below the below command.
Command:
export OPENSSL_CONF=/etc/httpd/conf.d/san.cnf
Step 3: Below command and press enter till exit.
command:
openssl req -x509 -sha256 -nodes -days 1365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Step 4: Add these generated Keyfile & certificate location in apache-web (ssl.conf) file.
Step 5: Check from browser
No comments:
Post a Comment