Skip to content

OpenSSL

Generate cert

Full

DOMAIN=srv.loc
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout ${DOMAIN}.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=${DOMAIN}" -out ${DOMAIN}.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${DOMAIN}") -days 365 -in ${DOMAIN}.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ${DOMAIN}.crt

Using the existing CA ` ```