Blogs

Step 1: Create rootCA Key and rootCA Crt

openssl req -x509 \

            -sha256 -days 356 \

            -nodes \

            -newkey rsa:4096 \

            -subj "/CN=[Your domain]/C=US/L=Mumbai" \

            -keyout rootCA.key -out rootCA.crt

Step 2: Generate your own server key  

openssl genrsa -out server.key 4096

Step 3: Create CSR configuration file so that u don't have to type each and every time it asks while creating CSR

cat > csr.conf <<EOF

[ req ]

default_bits = 4096

prompt = no

default_md = sha256

req_extensions = req_ext

distinguished_name = dn

[ dn ]

C = IN(Country code)

ST = State

L = Locality

O = Organisation name

OU = Organization unit

CN = [your domain]

[ req_ext ]

subjectAltName = @alt_names

[ alt_names ]

DNS.1 = [domain name]

DNS.2 = [domain name 2]

EOF

Step 4: Generate CSR using key and CSR configuration created in previous step 

openssl req -new -key server.key -out server.csr -config csr.conf

Step 5: Create Certificate config for the certificate options.

cat > cert.conf <<EOF

authorityKeyIdentifier=keyid,issuer

basicConstraints=CA:FALSE

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

subjectAltName = @alt_names

[alt_names]

DNS.1 = [Domain name]

EOF

Step 6:. Now use generated CSR and Key to generate SSL certificate

 openssl x509 -req \

    -in server.csr \

    -CA rootCA.crt -CAkey rootCA.key \

    -CAcreateserial -out server.crt \

    -days 365 \

    -sha256 -extfile cert.conf

Server.crt is the generated SSL certificate