Creating self signed certificate using openssl#
(CN should be *.domain.com for wildcard certs)
Creating certificate signing request (CSR)#
export DOMAIN=example.com
export COUNTRY=US
export STATE="New York"
export CITY="New York City"
export ORGANIZATION="MyCompany Inc."
$ openssl req -new -newkey rsa:2048 -nodes -out $DOMAIN.csr -keyout $DOMAIN.key -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/CN=$DOMAIN"
Verifying the generated CSR#
Creating the certificate#
Testing the certificate#
$ openssl s_client -connect x.x.x.x:443 -servername $DOMAIN
openssl s_client -connect 139.178.84.217:443 -servername kernel.org
CONNECTED(00000005)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = dfw.source.kernel.org
verify return:1
---
Certificate chain
0 s:/CN=dfw.source.kernel.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
...
References#
- Most Common OpenSSL Commands
- A good explanation of SSL Certificate Formats
- OpenSSL Quick Reference Guide
Last update:
December 13, 2022
Created: July 13, 2022
Created: July 13, 2022