
OpenSSL

Generate cert

Full

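# Private CA plus one server certificate signed by it.
# Requires bash: the signing step uses process substitution, <(...).
# Both private keys are written unencrypted (no cipher on genrsa, -nodes on
# req), so restrict read access to the *.key files and keep ca.key off the
# server that only needs ${DOMAIN}.key and ${DOMAIN}.crt.
DOMAIN="srv.loc"

# CA private key and self-signed CA certificate, valid for 365 days.
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key \
    -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" \
    -out ca.crt

# Server private key and certificate signing request.
openssl req -newkey rsa:2048 -nodes -keyout "${DOMAIN}.key" \
    -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=${DOMAIN}" \
    -out "${DOMAIN}.csr"

# Sign the CSR with the CA. The subjectAltName is supplied through -extfile;
# DOMAIN is passed to printf as data ('%s'), never as part of the format
# string. -CAcreateserial writes the serial-number file next to ca.crt.
# The leaf carries only a SAN; add lines such as basicConstraints=CA:FALSE or
# extendedKeyUsage=serverAuth to the extfile to constrain it to TLS server use.
openssl x509 -req \
    -extfile <(printf 'subjectAltName=DNS:%s' "${DOMAIN}") \
    -days 365 -in "${DOMAIN}.csr" \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out "${DOMAIN}.crt"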

Wildcard for 10 years

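# Self-signed wildcard certificate valid for 3650 days (about 10 years).
# -noenc needs OpenSSL 3.0 or newer (older releases spell it -nodes) and
# -addext needs 1.1.1 or newer.
# The key is written unencrypted and covers every name under the domain for
# the whole lifetime, with no CA to revoke it: restrict read access to the
# .key.pem file and replace the pair if the key is ever exposed.
# NOTE(review): with a stock openssl.cnf, req -x509 usually marks the result
# as a CA certificate (basicConstraints CA:TRUE) - check the x509 -text output
# before adding this certificate to a trust store.
DOMAIN="infra.domain.cloud"

openssl req -x509 \
    -subj "/C=US/L=Domain/O=Local/CN=*.${DOMAIN}" \
    -addext "subjectAltName = DNS:${DOMAIN}, DNS:*.${DOMAIN}" \
    -newkey rsa:2048 \
    -noenc \
    -days 3650 \
    -keyout "${DOMAIN}-wildcard.key.pem" \
    -out "${DOMAIN}-wildcard.cert.pem"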

Get certificate from site:

# Print the certificate chain a server presents on port 443.
# -servername sets the SNI name; stdin comes from /dev/null so s_client exits
# after the handshake instead of waiting for input.
# The chain is shown as sent by the server; read the "Verify return code"
# line of the output before treating any of these certificates as trusted.
openssl s_client \
    -connect domain.loc:443 \
    -servername domain.loc \
    -showcerts \
    </dev/null

View content of file

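# Print a certificate in human-readable form (-noout suppresses the PEM copy).
# DOMAIN is the variable set in the generation steps; the original read
# {DOMAIN}.crt without the '$', which names a literal file "{DOMAIN}.crt".
# Check subject, subjectAltName, validity dates and basicConstraints here.
openssl x509 -noout -text -in "${DOMAIN}.crt"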