This website uses cookies to ensure you get the best experience. Learn More.
Step 1: Create rootCA Key and rootCA Crt
openssl req -x509 \
-sha256 -days 356 \
-nodes \
-newkey rsa:4096 \
-subj "/CN=[Your domain]/C=US/L=Mumbai" \
-keyout rootCA.key -out rootCA.crt
Step 2: Generate your own server key
openssl genrsa -out server.key 4096
Step 3: Create CSR configuration file so that u don't have to type each and every time it asks while creating CSR
cat > csr.conf <<EOF
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = IN(Country code)
ST = State
L = Locality
O = Organisation name
OU = Organization unit
CN = [your domain]
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = [domain name]
DNS.2 = [domain name 2]
EOF
Step 4: Generate CSR using key and CSR configuration created in previous step
openssl req -new -key server.key -out server.csr -config csr.conf
Step 5: Create Certificate config for the certificate options.
cat > cert.conf <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
[alt_names]
DNS.1 = [Domain name]
Step 6:. Now use generated CSR and Key to generate SSL certificate
openssl x509 -req \
-in server.csr \
-CA rootCA.crt -CAkey rootCA.key \
-CAcreateserial -out server.crt \
-days 365 \
-sha256 -extfile cert.conf
Server.crt is the generated SSL certificate