*** Note: Make sure to uncomment "req_extensions = v3_req" in "openssl.cnf" *** # openssl x509 -req -days 730 -sha256 -extfile <(printf "subjectAltName=DNS:,DNS:testwps") -in -CA certs/ca.crt -CAkey private/ca.key -CAcreateserial -out Remember to include the SAN within the one liner command. Now copy over the CSR to the CA server using “ scp” and then sign the request. Signature Algorithm: sha256WithRSAEncryption Output: ~]# openssl req -text -noout -verify -in | grep -A2 Alternative # openssl req -text -noout -verify -in | grep -A2 Alternative Verify that the generated “.csr” includes AltName. /CN = Change it to required CommonName or Hostname.subjectAltName DNS: = Give the required Alternative Names of the host/website. On the Host generating CSR request # openssl req -new -nodes -sha256 -out -newkey rsa:2048 -keyout -extensions v3_req -subj "/C=UK/ST=BRK/O=Personal/CN=" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "\nsubjectAltName=DNS:,DNS:testwps")) Run this one liner command which includes SubjectAltName Let’s start with generating a certificate request. There is a requirement within all latest browsers that the website cert needs to have a SAN otherwise it complains of error with the certificate. This article will guide you through generating and signing a CSR and at the same time including SubjectAltName within the request.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |