> For the complete documentation index, see [llms.txt](https://docs.arkannis.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.arkannis.net/os/linux/openssl/create-certificate-via-cnf-file.md). # Create Certificate via CNF file 1. Create CNF file with the following parameters and save it as any CERTIFICATE\_NAME ```bash [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = COUNTRY_NAME_DEFAULT stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = STATE_NAME_DEFAULT localityName = Locality Name (eg, city) localityName_default = LOCALITY_NAME_DEFAULT organizationName = Organizational Unit Name (eg, section) organizationName_default = OU_NAME_DEFAULT organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = OU_NAME_DEFAULT commonName = commonName commonName_default = COMMON_NAME_DEFAULT commonName_max = 64 [req_ext] subjectAltName = @alt_names [alt_names] IP.1 = SERVER_IP DNS.1 = SERVER_DNS_NAME.com DNS.2 = www.SERVER_DNS_NAME.com ``` 2\. Create CSR: ```bash openssl req -out CERTIFICATE_NAME.csr -newkey rsa:2048 -nodes -keyout CERTIFICATE_NAME.key -config CERTIFICATE_NAME.cnf ``` 3\. Sign the certificate and import it into the location of the config file of the service Example: ```bash /etc/nginx/ssl # For Nginx ``` {% hint style="info" %} Note: Most probably this will have to be signed by the local root authority if in an enterprise {% endhint %} 4\. Restart the service: ```bash systemctl restart nginx ``` 5\. Test the URL --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.arkannis.net/os/linux/openssl/create-certificate-via-cnf-file.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.