Content tagged openssl

There are some recipies on the web but none of them seems to work. OpenSSL either complains about missing distinguised_name or generates a key that is too short.

You need a config file like this:

]==> cat openssl.cfg
[req]
req_extensions = v3_req
distinguished_name = req_dn

[req_dn]
CN=hostname1.yourdomain.com

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = hostname2.yourdomain.com
DNS.2 = hostname2.yourdomain.com
DNS.3 = hostname4.yourdomain.com

And then run:

openssl req -new -subj /CN=hostname1.yourdomain.com -out newcsr.csr \
-nodes -config openssl.cfg -keyout privkey.pem -newkey rsa:2048