{"id":1449,"date":"2021-04-20T08:20:58","date_gmt":"2021-04-19T20:20:58","guid":{"rendered":"https:\/\/www.ronella.xyz\/?p=1449"},"modified":"2021-04-20T08:20:58","modified_gmt":"2021-04-19T20:20:58","slug":"private-signing-a-csr","status":"publish","type":"post","link":"https:\/\/www.ronella.xyz\/?p=1449","title":{"rendered":"Private Signing a CSR"},"content":{"rendered":"<h2>Signing the CSR<\/h2>\n<ol>\n<li>\n<p>Download OpenSSL binaries from the following link if you are using windows:<\/p>\n<p><a href=\"https:\/\/slproweb.com\/products\/Win32OpenSSL.html\">https:\/\/slproweb.com\/products\/Win32OpenSSL.html<\/a><\/p>\n<\/li>\n<li>\n<p>Create a <strong>v3.cnf<\/strong> file using the following template:<\/p>\n<pre><code>authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Self-signed Certificate\"\n\n[ alternate_names ]\n\nDNS.1       = &lt;DNS_1&gt;\n#DNS.2       = &lt;DNS_2&gt;\n#DNS.3       = &lt;DNS_3&gt;\n#DNS.4       = &lt;DNS_4&gt;\n\n# Add these if you need them. But usually you don't want them or\n#   need them in production. You may need them for development.\n# DNS.5       = localhost\n# DNS.6       = localhost.localdomain\n# DNS.7       = 127.0.0.1\n\n# IPv6 localhost\n# DNS.8     = ::1<\/code><\/pre>\n<p>Replace the following fields on the template:<\/p>\n<table>\n<thead>\n<tr>\n<th>Field Name<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DNS_&lt;INDEX&gt;<\/td>\n<td>Identify the DNS names from the CSR.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Example:<\/p>\n<pre><code>authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Self-signed Certificate\"\n\n[ alternate_names ]\n\nDNS.1       = www.ronella.xyz\n#DNS.2       = &lt;DNS_2&gt; \n#DNS.3       = &lt;DNS_3&gt;\n#DNS.4       = &lt;DNS_4&gt;\n\n# Add these if you need them. But usually you don't want them or\n#   need them in production. You may need them for development.\n# DNS.5       = localhost\n# DNS.6       = localhost.localdomain\n# DNS.7       = 127.0.0.1\n\n# IPv6 localhost\n# DNS.8     = ::1<\/code><\/pre>\n<\/li>\n<li>\n<p>Generate a <strong>CA private key<\/strong> and <strong>certificate<\/strong> pair. The following link can help:<br \/>\n<a href=\"https:\/\/www.ronella.xyz\/?p=1443\" title=\"PRIVATE CERTIFICATION AUTHORITY (CA)\">PRIVATE CERTIFICATION AUTHORITY (CA)<\/a><\/p>\n<\/li>\n<li>\n<p>Once you have the pair <em>(i.e. key is <strong>ca.key.pem<\/strong> and the certificate is <strong>ca.cert.crt<\/strong>)<\/em>, sign the CSR using the following command:<\/p>\n<pre><code>openssl x509 -req -days 365 -sha256 -in domain.csr -extfile v3.cnf -CA ca.cert.crt -CAkey ca.key.pem -CAcreateserial -out domain.crt<\/code><\/pre>\n<\/li>\n<\/ol>\n<h2>Viewing the generated certificate from CSR<\/h2>\n<ol>\n<li>\n<p>View the signed certificate using the following the command:<\/p>\n<pre><code>openssl x509 -in domain.crt -text<\/code><\/pre>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Signing the CSR Download OpenSSL binaries from the following link if you are using windows: https:\/\/slproweb.com\/products\/Win32OpenSSL.html Create a v3.cnf file using the following template: authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alternate_names nsComment = &#8220;Self-signed Certificate&#8221; [ alternate_names ] DNS.1 = &lt;DNS_1&gt; #DNS.2 = &lt;DNS_2&gt; #DNS.3 = &lt;DNS_3&gt; #DNS.4 = &lt;DNS_4&gt; # [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1449"}],"collection":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1449"}],"version-history":[{"count":1,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1449\/revisions"}],"predecessor-version":[{"id":1450,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1449\/revisions\/1450"}],"wp:attachment":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}