Creating server certificate

From VVCWiki
Jump to navigationJump to search

Create openssl config file

Here is an example of server.cnf

[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_dn
req_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)

# State or Province Name (full name)

# Locality Name (eg. city)

# Organization (eg. company)
O=Vadym Chepkov

# Organizational Unit Name (eg. section)

# Common Name (* is also possible)

# E-mail contact

[ cert_type ]
  • Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.

Generate server private key

openssl genrsa -out server.key 2048

Generate certificate request

openssl req -new -key server.key -out server.csr -config server.cnf

Now you need to send your request to a certificate authority or if you have your own, sign the request (see example) You will get server certificate server.crt

Generate self-signed certificate

openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type