Help Center
< All Topics
Print

Create Server cert with SAN

Posted
Updated
ByLars Niklasson

openssl version -a
openssl genrsa -aes256 -out private/ca-key.pem 4096
openssl -req -new -x509 /root/ca/private/ca-key.pem -out cacert.pem -days 3650
openssl req -new -x509 -key /root/ca/private/ca-key.pem -out cacert.pem -days 3650
vim /usr/lib/ssl/openssl.cnf

openssl x509 -req -days 730 -in pfsense.qisec.se.csr -CA /root/ca/cacert.pem -CAkey /root/ca/private/cakey.pem -CAcreateserial -out pfsense.qisec.se.crt -extensions req_ext -extfile pfsense3.cnf
openssl ca -in pfsense.qisec.se.csr -out pfsense.qisec.se.crt

openssl x509 -text -noout -in pfsense.qisec.se.crt | more
openssl req -text -noout -in pfsense.qisec.se.csr | more

root@rootca:~/ca/certs/pfsense# cat pfsense3.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
C = SE
ST = Stockholm
L = Sundbyberg
O = Qi Security AB
OU = Cyber Security Professionals
CN = pfsense.qisec.se

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.1.1
DNS.1 = pfsense.qisec.se
DNS.2 = pfsense
DNS.3 = fw.qisec.se

root@rootca:~/ca/certs/pfsense# cat pfsense3.cnf

root@rootca:~/ca/certs/pfsense#

Table of Contents
en_USEnglish
sv_SESwedish en_USEnglish