General Information
...
First you will need to generate the private key for your CA (Certification Authority or Zertifizierungsstelle). You will sign the certificates with this key later.
...
Info |
---|
Recommended: Copy the commands and change the values accordingly in a text editor or in the command line. |
Code Block |
---|
openssl req -new -nodes -newkey rsa:10242048 -keyout beronet.key -out beronet.req -batch -subj "/C=DE/ST=Berlin/L=Berlin/O=beroNet CA/OU=beroNet/CN=172.20.30.121" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=IP:172.20.30.121")) |
openssl req -new -nodes -newkey rsa:1024 2048 \
-keyout beronet.key -out beronet.req \
-batch -subj "/C=DE/ST=Berlin/L=Berlin/O=beroNet CA/OU=beroNet/CN=172.20.30.121" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=IP:172.20.30.121"))
1.3 Sign the Certificate With the CA (beronet.crt)
...
openssl x509 -req -in beronet.req -CA root.crt -CAkey root.key -CAcreateserial -out beronet.crt -days 365 -sha256 -extfile <(printf "subjectAltName=IP:172.20.30.121")
This certificate will be valid for one year. If you want to increase the time, change the value for the parameter -days.
...