
Sunday 9 February 2020

OpenSSL Self-Signed SAN Certificate

Step 1: Create a file named san.cnf and add the content below to it.

########################Create a file san.cnf file################

[ req ]
default_bits        = 2048
distinguished_name  = subject
x509_extensions     = x509_ext
string_mask         = utf8only

# The Subject DN can be formed using X.501 or RFC 4514 (see RFC 4519 for a description).
#   It's sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
countryName         = Country Name (2 letter code)
countryName_default = IN

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = MAH

localityName          = Locality Name (eg, city)
localityName_default  = MUM

organizationName         = Organization Name (eg, company)
organizationName_default = MBOX

# Use a friendly name here because it's presented to the user. The server's DNS

commonName          = Common Name (e.g. server FQDN or YOUR name)
commonName_default  = www.MBbox.com
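# The bare field name holds the prompt text; the value goes in the _default entry.
emailAddress         = Email Address
emailAddress_default = middlewarebox@gmail.com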

# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]

subjectKeyIdentifier    = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints       = CA:TRUE


#   Remove keyEncipherment if you do not want RSA key transport.
keyUsage          = digitalSignature, keyEncipherment
subjectAltName    = @alternate_names
nsComment         = "OpenSSL Generated Certificate"


[ alternate_names ]

DNS.1       = www.mbox123.com
DNS.2       = middlewarebox.com
DNS.3       = www.qwerty.com

###################################################################




Step 2: Run the command below so that openssl reads san.cnf as its configuration file.

Command:
export OPENSSL_CONF=/etc/httpd/conf.d/san.cnf





Step 3: Run the command below and press Enter at each prompt until it exits.
Command:

openssl req -x509 -sha256 -nodes -days 1365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt





Step 4: Add the locations of the generated key file and certificate to the Apache web server's ssl.conf file.





Step 5: Check from a browser.
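
Before opening the browser, the output of Step 3 can be checked from the shell. The script below is an added example, not part of the original post; make_demo_cert and the demo.cnf file it writes are hypothetical helpers holding a constructed, non-interactive, trimmed copy of san.cnf.

```shell
#!/bin/sh
# Added example (not from the original post): check the output of Step 3.

# Print the DNS names in a certificate's subjectAltName, one per line.
san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if every expected name appears in the SAN list.
check_san() {
    cert=$1; shift
    names=$(san_names "$cert")
    for want in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$want" || {
            echo "missing SAN: $want" >&2; return 1; }
    done
}

# Succeed only if the private key belongs to the certificate.
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$a" = "$b" ]
}

# Constructed sample: a non-interactive, trimmed copy of san.cnf (prompt = no)
# so the checks can be tried in a scratch directory. Hypothetical helper.
make_demo_cert() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[ req ]
distinguished_name = subject
x509_extensions    = x509_ext
prompt             = no
[ subject ]
commonName = www.MBbox.com
[ x509_ext ]
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = www.mbox123.com
DNS.2 = middlewarebox.com
DNS.3 = www.qwerty.com
EOF
    openssl req -x509 -sha256 -nodes -days 1365 -newkey rsa:2048 \
        -config "$dir/demo.cnf" -keyout "$dir/privateKey.key" \
        -out "$dir/certificate.crt" 2>/dev/null
}
```

Run check_san certificate.crt with the hostname you will type into the browser: browsers match the hostname against the subjectAltName entries only, so the commonName default www.MBbox.com is not accepted unless it is also listed under [ alternate_names ].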












