Self-signed CA + wildcard host certificate with Subject Alternative Names + IPs
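### root-san.cnf
# OpenSSL config for the self-signed root CA certificate.
# Read by `openssl req -new -x509 -config root-san.cnf`.

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
# req_extensions is only applied when a certificate *request* is written.
req_extensions = req_ext
# With `req -x509` the certificate's extensions are taken from the section
# named here, so the CA extensions must be listed under it to reach root-ca.pem.
x509_extensions = v3_ca
prompt = no

[ req_distinguished_name ]
countryName = IT
stateOrProvinceName = Milan
localityName = Milan
organizationName = Sisalpay
commonName = ca.sisalpay5group.local

[ req_ext ]
subjectAltName = @alt_names

[ v3_ca ]
# State the CA role explicitly instead of relying on tool defaults, which
# differ between OpenSSL releases. pathlen:0 lets this CA sign end-entity
# certificates only; remove it if intermediate CAs are planned.
basicConstraints = critical, CA:TRUE, pathlen:0
# Restrict the CA key to signing certificates and CRLs.
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = rootca.sisalpay5group.local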
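### wildcard-san.cnf
# OpenSSL config for the wildcard host certificate. It is read twice:
# by `req -config` to build the CSR, and by `x509 -req -extfile ... -extensions
# req_ext` at signing time. `x509 -req` does not copy extensions from the CSR
# by default, so the second read is what places [ req_ext ] in the certificate.

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[ req_distinguished_name ]
countryName = IT
stateOrProvinceName = Milan
localityName = Milan
organizationName = Sisalpay
commonName = wildcard.sisalpay5group.local

[ req_ext ]
subjectAltName = @alt_names
# End-entity certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
# Limit the key to TLS use. clientAuth is kept next to serverAuth in case the
# same certificate is presented for mutual TLS between nodes (assumption, to be
# confirmed against the deployment); drop it if the cert is server-only.
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth

[ alt_names ]
# One key pair is valid for every name and address listed below, so any host
# holding the private key can answer as any of the others. Keep the list to
# what the service really needs.
IP.1 = 10.66.112.36
IP.2 = 10.66.112.37
IP.3 = 10.66.112.38
IP.4 = 10.66.26.36
IP.5 = 10.66.26.37
IP.6 = 10.66.26.38
# The wildcard matches a single label only (host.sisalpay5group.local, not
# a.b.sisalpay5group.local); the bare domain is therefore listed separately.
DNS.1 = *.sisalpay5group.local
DNS.2 = sisalpay5group.local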
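########## create CA key
# -aes256 encrypts the CA key at rest: openssl prompts for a passphrase here
# and again each time the key is used to sign. Keep ca-key.pem off the hosts
# that receive the issued certificate.
openssl.exe genrsa -aes256 -out ca-key.pem 4096
########## create CA certificate
# -nodes is omitted: it only concerns a key generated by this command, and -key
# supplies an existing one. With -x509 the certificate extensions come from the
# config section named by x509_extensions (or -extensions), not req_extensions.
openssl.exe req -new -x509 -sha256 -out root-ca.pem -key ca-key.pem -config root-san.cnf -days 3650
# Check the result: the text dump should show "CA:TRUE" under Basic Constraints.
openssl.exe x509 -in root-ca.pem -noout -text
########## create WILDCARD certificate signing request + key
# -nodes leaves redis-key.pem unencrypted so the service can load it without a
# passphrase; restrict read access on that file to the service account.
openssl.exe req -out wildcard.csr -newkey rsa:4096 -nodes -keyout redis-key.pem -config wildcard-san.cnf
########## create WILDCARD certificate FROM csr
# -extfile/-extensions re-apply [ req_ext ] at signing time; without them the
# SANs in the CSR would not be carried into the certificate.
# -days 3650 keeps a wildcard key valid for ten years and no revocation
# mechanism is set up here; consider a shorter lifetime with scheduled re-issue.
openssl.exe x509 -req -sha256 -in wildcard.csr -CA root-ca.pem -CAkey ca-key.pem -CAcreateserial -out redis.pem -days 3650 -extfile wildcard-san.cnf -extensions req_ext
########## verify the issued certificate
# Confirm that the chain validates and that SANs, CA:FALSE and key usage are present.
openssl.exe verify -CAfile root-ca.pem redis.pem
openssl.exe x509 -in redis.pem -noout -text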