ssl - How can I generate a self-signed certificate with SubjectAltName using OpenSSL?


I'm trying to generate a self-signed certificate with OpenSSL with SubjectAltName in it. While I'm generating the CSR for the certificate, my guess is that I have to use the v3 extensions of OpenSSL x509. I'm using:

openssl req -new -x509 -v3 -key private.key -out certificate.pem -days 730

Could someone help me with the exact syntax?

It's a 3-step process, and it involves modifying the openssl.cnf file. You might be able to do it with only command line options, but I don't do it that way.

Find your openssl.cnf file. It is likely located in /usr/lib/ssl/openssl.cnf:

$ find /usr/lib -name openssl.cnf
/usr/lib/openssl.cnf
/usr/lib/openssh/openssl.cnf
/usr/lib/ssl/openssl.cnf

On Debian systems, /usr/lib/ssl/openssl.cnf is used by the built-in openssl program. On recent Debian systems it is located at /etc/ssl/openssl.cnf

You can determine which openssl.cnf is being used by adding a spurious XXX to the file and seeing if openssl chokes.


First, modify the req parameters. Add an alternate_names section to openssl.cnf with the names you want to use. There are no existing alternate_names sections, so it does not matter where you add it.

[ alternate_names ]

DNS.1        = example.com
DNS.2        = www.example.com
DNS.3        = mail.example.com
DNS.4        = ftp.example.com

Next, add the following to the existing [ v3_ca ] section. Search for the exact string [ v3_ca ]:

subjectAltName      = @alternate_names

You might change keyUsage to the following under [ v3_ca ]:

keyUsage = digitalSignature, keyEncipherment

digitalSignature and keyEncipherment are standard fare for a server certificate. Don't worry about nonRepudiation. It's a useless bit thought up by computer science guys who wanted to be lawyers. It means nothing in the legal world.

In the end, the IETF (RFC 5280), browsers and CAs run fast and loose, so it probably does not matter what key usage you provide.


Second, modify the signing parameters. Find this line under the CA_default section:

# Extension copying option: use with caution.
# copy_extensions = copy

And change it to:

# Extension copying option: use with caution.
copy_extensions = copy

This ensures the SANs are copied into the certificate. The other ways to copy DNS names are broken.


Third, generate the self-signed certificate:

$ openssl genrsa -out private.key 3072
$ openssl req -new -x509 -key private.key -sha256 -out certificate.pem -days 730
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
...

Finally, examine the certificate:

$ openssl x509 -in certificate.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9647297427330319047 (0x85e215e5869042c7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=MD, L=Baltimore, O=Test CA, Limited, CN=Test CA/emailAddress=test@example.com
        Validity
            Not Before: Feb  1 05:23:05 2014 GMT
            Not After : Feb  1 05:23:05 2016 GMT
        Subject: C=US, ST=MD, L=Baltimore, O=Test CA, Limited, CN=Test CA/emailAddress=test@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:e2:e9:0e:9a:b8:52:d4:91:cf:ed:33:53:8e:35:
                    ...
                    d6:7d:ed:67:44:c3:65:38:5d:6c:94:e5:98:ab:8c:
                    72:1c:45:92:2c:88:a9:be:0b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:66:39:7c:ec:8b:70:80:9e:6f:95:89:db:b5:b9:b8:d8:f8:af:a4
            X509v3 Authority Key Identifier:
                keyid:34:66:39:7c:ec:8b:70:80:9e:6f:95:89:db:b5:b9:b8:d8:f8:af:a4

            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com, DNS:mail.example.com, DNS:ftp.example.com
    Signature Algorithm: sha256WithRSAEncryption
         3b:28:fc:e3:b5:43:5a:d2:a0:b8:01:9b:fa:26:47:8e:5c:b7:
         ...
         71:21:b9:1f:fa:30:19:8b:be:d2:19:5a:84:6c:81:82:95:ef:
         8b:0a:bd:65:03:d1
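The three steps above as one scripted example, added here and not part of the original answer: rather than editing the system openssl.cnf, it writes a private config with the same [ v3_ca ] / [ alternate_names ] wiring and passes it to openssl req with -config, then reads the SAN extension back out of the resulting certificate. WORKDIR, the file names and the CN value are assumptions.

```shell
#!/bin/sh
# Constructed example (not from the original answer): instead of editing the
# system openssl.cnf, write a private config and pass it with -config.
# The [req] section points x509_extensions at v3_ca, and v3_ca's
# subjectAltName pulls the names from [alternate_names], as in the answer.
# WORKDIR, the file names and the DN values are assumptions.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

write_san_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
x509_extensions    = v3_ca
prompt             = no

[ req_distinguished_name ]
CN = example.com

[ v3_ca ]
subjectKeyIdentifier = hash
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names

[ alternate_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = mail.example.com
DNS.4 = ftp.example.com
EOF
}

# Key and self-signed certificate in one step; the extensions come straight
# from the config, so copy_extensions is not involved (no CSR is signed).
make_self_signed() {
    write_san_config "$WORKDIR/san.cnf"
    openssl req -new -x509 -newkey rsa:3072 -nodes -sha256 -days 730 \
        -config "$WORKDIR/san.cnf" \
        -keyout "$WORKDIR/private.key" -out "$WORKDIR/certificate.pem" 2>/dev/null
}

# Read the SAN extension back: the -text line after its header, trimmed.
cert_sans() {
    openssl x509 -in "$WORKDIR/certificate.pem" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n1 | sed 's/^ *//'
}
```

Source the file, run make_self_signed, then cert_sans prints the DNS:... list that openssl x509 -text shows under X509v3 Subject Alternative Name.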
