Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
borodka_lenina2015-11-11 17:39:46
OpenSSL
borodka_lenina, 2015-11-11 17:39:46

How to create a root-signed certificate using the -config option?

Hello. In general, step by step:
I generate a key:
openssl genrsa -out test.key 2048 -sha256
I create a csr using -config conf.ini (it contains domains in the [alt_names] section):
openssl x509 -req -in test.csr -CA rootCA .crt -CAkey rootCA.key -CAcreateserial -out test.crt -days 5000 -sha256
The certificate is created, but there is no alt_names in it. What am I doing wrong?
Ps if I create like this, then all domains are in place:
openssl req -x509 -nodes -newkey rsa:2048 -days 9999 -keyout test.key -out test.crt -config conf.ini, but such a certificate is not signed by the root.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
B
borodka_lenina, 2015-11-11
@borodka_lenina

In general, added the section
[ CA_default ]
# Directory and file locations.
dir = /ssl/
private_key = $dir/certs/rootCA.key
certificate = $dir/certs/rootCA.crt
policy = policy_loose
It seemed to help.

Similar questions
M
mirus2014-12-05 11:48:11
How does openvpn encrypt traffic? 1Reply
R
rustem_ck2017-03-13 17:54:04
Why can an AES-256 key be less than 32 characters long? 1Reply
I
irishmann2021-03-16 13:43:36
GOST signature in php or how to sign SOAP GOST algorithms? 1Reply
E
EVOSandru62015-04-06 07:44:58
How to connect openSSl library to php? 3Reply
A
Alexey Denisov2021-03-30 00:21:26
Openssl - how to use your PrivateKey? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question