OpenSSL

From GarrettHoneycutt

OpenSSL

Display cert info

$ openssl x509 -in example.crt.pem -noout -text

Inspect an HTTPS connection and verify the certificate chain

$ openssl s_client -connect example.garretthoneycutt.com:443

Create key and certificate request (CSR)

$ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

With a config file

$ openssl req -new -nodes -out example.com.csr -config ssl.conf

With a config file, reusing an existing key

$ openssl req -new -nodes -out example.com.csr -key example.com.key -config ssl.conf

Specifying Subject Alternative Names

Create an ssl.conf with the following:

[ req ]
default_bits        = 2048
default_keyfile     = garretthoneycutt.com.key
distinguished_name  = req_distinguished_name
req_extensions      = req_ext # The extensions to add to the certificate request
 
[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = US
stateOrProvinceName            = State or Province Name (full name)
stateOrProvinceName_default    = Washington
localityName                   = Locality Name (eg, city)
localityName_default           = Seattle
organizationName               = Organization Name (eg, company)
organizationName_default       = My Company, Inc.
organizationalUnitName         = Organizational Unit (eg, Engineering)
organizationalUnitName_default = Systems
commonName                     = Common Name (eg, YOUR name)
commonName_default             = garretthoneycutt.com
commonName_max                 = 64
 
[ req_ext ]
subjectAltName  = @alt_names
 
[alt_names]
DNS.1  = www.garretthoneycutt.com
DNS.2  = foo.garretthoneycutt.com
DNS.3  = bar.garretthoneycutt.com
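
Added example (not part of the original page): a shell check that a CSR generated from this ssl.conf actually carries the subjectAltName entries, and whether the commonName is also listed as a SAN, since current TLS clients match hostnames against SANs only. The helper names, the trimmed copy of the config and the temporary file names are assumptions made for the demo; `-batch` makes `openssl req` take the config defaults without prompting.

```shell
#!/bin/sh
# Print each DNS subjectAltName requested in a CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Print the commonName from a CSR's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print every expected name that is NOT present as a DNS SAN.
# usage: missing_sans CSR name...
missing_sans() {
    csr=$1; shift
    have=$(csr_sans "$csr")
    for name in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Build demo.key and demo.csr in directory $1 from a trimmed copy of the
# ssl.conf above (constructed for this demo; only commonName is kept).
make_demo_csr() {
    cat > "$1/ssl.conf" <<'EOF'
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
commonName         = Common Name
commonName_default = garretthoneycutt.com
[ req_ext ]
subjectAltName     = @alt_names
[ alt_names ]
DNS.1 = www.garretthoneycutt.com
DNS.2 = foo.garretthoneycutt.com
DNS.3 = bar.garretthoneycutt.com
EOF
    openssl req -new -nodes -batch -config "$1/ssl.conf" \
        -keyout "$1/demo.key" -out "$1/demo.csr" 2>/dev/null
}

work=$(mktemp -d)
make_demo_csr "$work"
echo "SANs in CSR:";   csr_sans "$work/demo.csr"
echo "Names not covered by a SAN (CN included in the check):"
missing_sans "$work/demo.csr" "$(csr_cn "$work/demo.csr")" www.garretthoneycutt.com
rm -rf "$work"
```

With the alt_names list as written, the check reports the commonName garretthoneycutt.com as not covered; adding it as a further DNS entry closes that gap.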