Created
May 9, 2017 14:20
-
-
Save DRN88/53c3116de8e7058d03c5fa8bc48fb7db to your computer and use it in GitHub Desktop.
An example OpenSSL Config for quick CSR generation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # 1. Edit Certificate details in this file | |
| # 2. Always Generate a new 4096 strong private key for a new CSR: | |
| # openssl genrsa -out <FQDN-NAME-HERE>.key 4096 | |
| # 3. Generate new CSR: | |
| # openssl req -config <FQDN-NAME-HERE>.conf -new -key <FQDN-NAME-HERE>.key -out <FQDN-NAME-HERE>.csr | |
| # | |
| ### | |
| ### DO NOT EDIT THIS SECTION | |
| ### | |
| [ req ] | |
| prompt = no | |
| default_bits = 4096 | |
| default_md = sha256 | |
| distinguished_name = req_distinguished_name | |
| req_extensions = v3_req | |
| x509_extensions = usr_cert | |
| [ v3_req ] | |
| basicConstraints = critical,CA:FALSE | |
| nsCertType = client,server | |
| keyUsage = nonRepudiation,digitalSignature,keyEncipherment | |
| extendedKeyUsage = serverAuth,clientAuth | |
| subjectAltName = @alt_names | |
| ### | |
| ### EDIT FROM HERE | |
| ### | |
| [ req_distinguished_name ] | |
| C = GB | |
| ST = Greater London | |
| L = London | |
| O = MyOrganization | |
| OU = MyOrgUnit | |
| CN = <SERVER-NAME-HERE>.mydomain.local | |
| [ usr_cert ] | |
| basicConstraints = critical,CA:FALSE | |
| nsCertType = client,server | |
| keyUsage = nonRepudiation,digitalSignature,keyEncipherment | |
| extendedKeyUsage = serverAuth,clientAuth | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid,issuer | |
| subjectAltName = @alt_names | |
| [ alt_names ] | |
| DNS.1 = <CNAME>.mydomain.local | |
| DNS.2 = <OTHERCNAME>.mydomain.local |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment