Content tagged openssl

There are some recipies on the web but none of them seems to work. OpenSSL either complains about missing distinguised_name or generates a key that is too short.

You need a config file like this:

]==> cat openssl.cfg
req_extensions = v3_req
distinguished_name = req_dn


basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

DNS.1 =
DNS.2 =
DNS.3 =

And then run:

openssl req -new -subj / -out newcsr.csr \
-nodes -config openssl.cfg -keyout privkey.pem -newkey rsa:2048