20 lines
830 B
Bash
20 lines
830 B
Bash
openssl genrsa -aes256 -out ca-key.pem 4096
|
|
openssl req -new -x509 -days 365 -subj "/C=FR/ST=NORD/L=ROUBAIX/O=Tips-Of-Mine/OU=IT/CN=tips-of-mine.local" -key ca-key.pem -sha256 -out ca.pem
|
|
openssl genrsa -out server-key.pem 4096
|
|
openssl req -sha256 -new -subj "/C=FR/ST=NORD/L=ROUBAIX/O=Tips-Of-Mine/OU=IT/CN=tips-of-mine.local" -key server-key.pem -out server.csr
|
|
cat > v3-server.cnf <<-EOF
|
|
authorityKeyIdentifier=keyid,issuer
|
|
basicConstraints=CA:FALSE
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
DNS.1=tips-of-mine.local
|
|
DNS.2=tips-of-mine
|
|
DNS.3=hostname
|
|
IP.1=127.0.0.1
|
|
IP.2=@IP
|
|
EOF
|
|
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile v3-server.cnf
|