Differences

This shows you the differences between two versions of the page.

cloudappliance:createcsr [2021_09_27 17:55] – external edit 127.0.0.1cloudappliance:createcsr [2022_10_18 12:53] – changed to generate a valid SAN cert eric
Line 3: Line 3:
 Log in as smeconfiguser then become root Log in as smeconfiguser then become root
  
-    openssl req -new -newkey rsa:2048 -nodes -out my_fqdn.com.csr -keyout my_fqdn.com.key -subj "/C=US/ST=MyState/L=MyCity/O=MyOrganization/OU=MyOrganizationalUnit/CN=my.fqdn.com"+Generate a config file we'll use, update the <server fqdn> with the URL you'd like to use for access.  
 +     
 +vim san.cnf 
 +     
 +    [ req ] 
 +    default_bits       = 2048 
 +    distinguished_name = req_distinguished_name 
 +    req_extensions     = req_ext 
 +    [ req_distinguished_name ]  
 +    countryName                 = Country Name (2 letter code) 
 +    stateOrProvinceName         = State or Province Name (full name) 
 +    localityName               = Locality Name (eg, city) 
 +    organizationName           = Organization Name (eg, company) 
 +    commonName                 = Common Name (POC Server FQDN) 
 +    [ req_ext ] 
 +    subjectAltName = @alt_names 
 +    [alt_names] 
 +    DNS.1   = <server fqdn> 
 + 
 +Next we'll use this config file and generate a key and csr, please fill out the releavnt locality info during this setup:  
 +   openssl req -out server.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
  
 This will generate 2 files: This will generate 2 files:
    
-    my_fqdn.com.key +    private.key 
-    my_fqdn.com.csr+    server.csr
  
-Copy the file my_fqdn.com.key to the private certs folder+Copy the file private.key to the private certs folder
  
-    cp my_fqdn.com.key /etc/pki/tls/private/+    cp private.key /etc/pki/tls/private/
  
 Ensure the file is in the proper location before deleting it: Ensure the file is in the proper location before deleting it:
  
-    cat /etc/pki/tls/private/my_fqdn.com.key+    cat /etc/pki/tls/private/private.key
  
-    rm my_fqdn.com.key+    rm private.key
  
 Send the CSR to the Certificate Authority of choice Send the CSR to the Certificate Authority of choice
  
-    cat my_fqdn.com.csr+    cat  server.csr
  
 The certificate authority will reply with a signed public key and intermediary certs. The certificate authority will reply with a signed public key and intermediary certs.
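
Review bot: after the new `openssl req -out server.csr ... -config san.cnf` step, nothing confirms that the subjectAltName actually ended up in server.csr, which is the stated purpose of this revision. Suggest adding a check such as `openssl req -in server.csr -noout -text` before the "Send the CSR" step. The text should also say that `<server fqdn>` in `DNS.1` has to be replaced and should match the value typed at the Common Name prompt, since san.cnf only prompts for the DN fields and does not tie the two together. Separately, the key is now written to the generic name `private.key`, so `cp private.key /etc/pki/tls/private/` can silently overwrite a key already stored there under that name; keeping the FQDN in the file name, as the previous revision did, avoids this. The retained `cat /etc/pki/tls/private/private.key` check prints the unencrypted key (it was generated with `-nodes`) to the terminal; `ls -l` on that path would confirm the copy without displaying the key. Minor: "releavnt" should read "relevant", and `vim san.cnf` is not indented as a command like the other steps.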