Signing the CSR
- Download OpenSSL binaries from the following link if you are using Windows:
- Create a v3.cnf file using the following template:
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alternate_names
    nsComment = "Self-signed Certificate"

    [ alternate_names ]
    DNS.1 = <DNS_1>
    #DNS.2 = <DNS_2>
    #DNS.3 = <DNS_3>
    #DNS.4 = <DNS_4>

    # Add these if you need them. But usually you don't want them or
    # need them in production. You may need them for development.
    # DNS.5 = localhost
    # DNS.6 = localhost.localdomain
    # IP addresses go in IP.<n> entries, not DNS.<n>
    # IP.1 = 127.0.0.1

    # IPv6 localhost
    # IP.2 = ::1
Replace the following fields on the template:
Field Name     Description
DNS_<INDEX>    Identify the DNS names from the CSR.

Example:
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alternate_names
    nsComment = "Self-signed Certificate"

    [ alternate_names ]
    DNS.1 = www.ronella.xyz
    #DNS.2 = <DNS_2>
    #DNS.3 = <DNS_3>
    #DNS.4 = <DNS_4>

    # Add these if you need them. But usually you don't want them or
    # need them in production. You may need them for development.
    # DNS.5 = localhost
    # DNS.6 = localhost.localdomain
    # IP addresses go in IP.<n> entries, not DNS.<n>
    # IP.1 = 127.0.0.1

    # IPv6 localhost
    # IP.2 = ::1
- Generate a CA private key and certificate pair. The following link can help:
PRIVATE CERTIFICATION AUTHORITY (CA)
- Once you have the pair (i.e. the key is ca.key.pem and the certificate is ca.cert.crt), sign the CSR using the following command:
openssl x509 -req -days 365 -sha256 -in domain.csr -extfile v3.cnf -CA ca.cert.crt -CAkey ca.key.pem -CAcreateserial -out domain.crt
Viewing the generated certificate from CSR
- View the signed certificate using the following command:
openssl x509 -in domain.crt -text
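The whole procedure as an added example (not code from the original post): it builds v3.cnf from the DNS names requested in the CSR, signs with the command above, and checks that the certificate chains to the CA and carries exactly those names. The last function shows why the extension file matters: `openssl x509 -req` does not copy the CSR's requested extensions by default, so without -extfile the certificate has no DNS names. The throwaway CA, the `*.example.test` names and the function names are assumptions made for the demonstration.

```shell
# Added example. File names follow the page; the CA subject and the
# *.example.test host names are constructed demo values.
# Usage: d=$(mktemp -d); make_demo_inputs "$d" && sign_and_check "$d" && echo OK

# Print the DNS subjectAltName entries of a CSR (req) or certificate (x509).
san_names() {  # $1 = req|x509, $2 = file
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# Write the page's v3.cnf to $1, one DNS.<n> line per name read from stdin.
write_v3_cnf() {
    {
        printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
            'basicConstraints=CA:FALSE' \
            'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
            'subjectAltName = @alternate_names' '[ alternate_names ]'
        awk '{ printf "DNS.%d = %s\n", NR, $0 }'
    } > "$1"
}

# Create a throwaway CA and a CSR requesting two DNS names in directory $1.
make_demo_inputs() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
          -keyout ca.key.pem -out ca.cert.crt 2>/dev/null &&
      openssl req -new -newkey rsa:2048 -nodes -subj '/CN=www.example.test' \
          -addext 'subjectAltName=DNS:www.example.test,DNS:api.example.test' \
          -keyout domain.key -out domain.csr 2>/dev/null )
}

# Sign with the page's command; succeed only if the certificate chains to
# the CA and carries exactly the DNS names the CSR asked for.
sign_and_check() {
    ( cd "$1" && san_names req domain.csr | write_v3_cnf v3.cnf &&
      openssl x509 -req -days 365 -sha256 -in domain.csr -extfile v3.cnf -CA ca.cert.crt \
          -CAkey ca.key.pem -CAcreateserial -out domain.crt 2>/dev/null &&
      openssl verify -CAfile ca.cert.crt domain.crt >/dev/null &&
      [ -n "$(san_names x509 domain.crt)" ] &&
      [ "$(san_names req domain.csr)" = "$(san_names x509 domain.crt)" ] )
}

# Same command without -extfile: prints the DNS names in the result (none).
sans_without_extfile() {
    ( cd "$1" && openssl x509 -req -days 365 -sha256 -in domain.csr -CA ca.cert.crt \
          -CAkey ca.key.pem -CAcreateserial -out bare.crt 2>/dev/null &&
      san_names x509 bare.crt )
}
```

Review the output of `san_names req domain.csr` before it goes into v3.cnf, because the CA vouches for every name the extension file lists.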