Create Certificate via CNF file

  1. Create a CNF file with the following parameters and save it as CERTIFICATE_NAME.cnf (any name works; step 2 passes this file to -config)

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = COUNTRY_NAME_DEFAULT
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = STATE_NAME_DEFAULT
localityName = Locality Name (eg, city)
localityName_default = LOCALITY_NAME_DEFAULT
organizationName = Organization Name (eg, company)
organizationName_default = ORGANIZATION_NAME_DEFAULT
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = OU_NAME_DEFAULT
commonName = commonName
commonName_default = COMMON_NAME_DEFAULT
commonName_max = 64

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = SERVER_IP
DNS.1 = SERVER_DNS_NAME.com
DNS.2 = www.SERVER_DNS_NAME.com

2. Create CSR:

openssl req -out CERTIFICATE_NAME.csr -newkey rsa:2048 -nodes -keyout CERTIFICATE_NAME.key -config CERTIFICATE_NAME.cnf

3. Have the CSR signed, then place the resulting certificate in the location that the service's config file points to

Example:

/etc/nginx/ssl # For Nginx

Note: In an enterprise environment, the CSR will most likely have to be signed by the local root authority.

4. Restart the service:

systemctl restart nginx

5. Test the URL
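
The checks below are an added example, not part of the original page: they confirm that the signed certificate from step 3 belongs to the key from step 2, that it still carries the subjectAltName entries from the CNF file, and that the unencrypted key written by -nodes is not readable by other users. The function names are hypothetical and the files are assumed to be your own CERTIFICATE_NAME.* files.

```shell
#!/bin/sh
# Added example: checks for the CSR from step 2 and the certificate from step 3.
# Function names are hypothetical; arguments are your own CERTIFICATE_NAME files.

# sans req|x509 FILE -> subjectAltName entries, one per line (empty if none)
sans() {
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# has_san req|x509 FILE ENTRY -> true if ENTRY (e.g. "DNS:www.example.test") is present
has_san() {
    sans "$1" "$2" | grep -qxF "$3"
}

# key_matches req|x509 FILE KEY -> true if FILE carries the public half of KEY
key_matches() {
    a=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$3" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_is_private KEY -> true if group and other have no permissions.
# -nodes writes the key unencrypted, so the file mode is its only protection.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# verify_signed CERT KEY ENTRY... -> run all checks before restarting the service.
# A CA copies the requested SANs only if it is configured to, so check the
# certificate itself and not just the CSR.
verify_signed() {
    crt=$1; key=$2; shift 2
    key_is_private "$key" || { echo "key readable by group/other: $key" >&2; return 1; }
    key_matches x509 "$crt" "$key" || { echo "certificate does not match $key" >&2; return 1; }
    for entry in "$@"; do
        has_san x509 "$crt" "$entry" || { echo "missing SAN: $entry" >&2; return 1; }
    done
    echo "ok: $crt"
}

# Stand-alone use: sh check.sh CERTIFICATE_NAME.crt CERTIFICATE_NAME.key "DNS:..." ["IP Address:..."]
if [ $# -ge 3 ]; then verify_signed "$@"; fi
```

Entries are written the way OpenSSL prints them, for example "DNS:www.SERVER_DNS_NAME.com" or "IP Address:SERVER_IP".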
