Linux Generate Ssl Key With Subjectaltname
The openssl command doesn’t provide a way to include extensions like the subjectAltName without writing a config file first. I have written a simple utility that does it all automatically. I'm generating a self-signed SSL cert: $ openssl req -x509 -newkey rsa:2048 -subj 'CN=example.com' I'd like to specify a subjectAltName also at creation time, but I cannot find info in the openssl. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un.x-like operating systems. How to generate just a key with. Apr 27, 2018 openssl req -new -days 3650 -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. Jun 01, 2018 Using OpenSSL's subjectAltName with Multiple Site Domains Updated Friday, June 1, 2018 by Lukas Sabota Written by Linode Try this guide out by signing up for a Linode account with a $20 credit. $ openssl genrsa -out private.key 3072 $ openssl req -new -x509 -key private.key -sha256 -out certificate.pem -days 730 You are about to be asked to enter information that will be incorporated into your certificate request.
- Linux Generate Ssl Key With Subjectaltname Windows 10
- Linux Generate Ssl Key With Subjectaltname Windows 7
The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
1.8.5 SSL SecurityWarning: Certificate has no subjectAltName
When you configure a Ceph Object Gateway instance and enable SSL you must create an SSL certificate. If the certificate does not have the v3 extension enabled and the subjectAltName set within the certificate, a warning message is displayed when a client such as the Swift client attempts to access the gateway:
If a subjectAltName
extension of type dNSName
is present, this is used as the identity. Otherwise, the Common Name
field in the Subject
field of the certificate is used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.
To prevent the warning from appearing at all, do the following:
Linux Generate Ssl Key With Subjectaltname Windows 10
In the working directory where you are generating the key and certificate, create a copy of the template OpenSSL configuration file:
Modify the configuration file template at
./openssl.cnf
and make the following changes:In the section
[ req ]
make sure that the following line is uncommented and not preceded with a # character:In the section
[ v3_req ]
, add the following line to the end of the parameters in this section:Add a section to the end of the configuration file:
Replace
hostname.example.com
with the fully qualified domain name for the host that you are creating the certificate for.
Generate your certificate key, as normal:
Use the certificate key and the new
openssl.cnf
file to create a Certificate Signing Request (CSR):You may either use the generated CSR to obtain a signed certificate from a recognized Certificate Authority (CA). Or, for testing purposes, you may use this to generate a self-signed certificate as follows:
Create a new configuration file,
v3.cnf
, that can host the information for the v3 requirements. Edit it to contain the following lines:Run the following OpenSSL command to generate a self-signed certificate using the CSR and your local key:
Copy the key, CSR and certificate to the usable location on the host:
Create a single PEM file containing both the key and certificate, that can be used by the Ceph Object Gateway when it is started:
(Bug 24424028)
Linux Generate Ssl Key With Subjectaltname Windows 7
Copyright © 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices