Difference between revisions of "Generate a CSR with SANs"

From IVS Wiki
Jump to: navigation, search
m (IVSWikiBlue moved page Create a CSR with SANs to Generate a CSR with SANs)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Issue certificate with a SAN==
+
__TOC__
# Connect to the Valt appliance via SSH.
+
{{Article | title = Generate a CSR with SANs | content =  
# Type in the following, and press Enter: <pre>nano csr_details.conf</pre>
+
<ol>
# Copy and paste the following into nano:
+
<li> Connect to the Valt appliance via SSH</li>
 +
<li> Type in the following, and press {{Keyboard | key = Enter}}</li>
 +
<ul>
 +
<li>{{Code Block - Mini | text = <span class="code_regex">nano</span> <span class="code_file">csr_details.conf</span>}}</li>
 +
</ul>
 +
<li> Copy and paste the following into nano:</li>
 +
{{Aside | content = Make sure to update the CSR with your information.}}
 
<pre>[req]
 
<pre>[req]
 
default_bits = 2048
 
default_bits = 2048
Line 22: Line 28:
 
DNS.1 = your-new-domain.com
 
DNS.1 = your-new-domain.com
 
DNS.2 = www.your-new-domain.com</pre>
 
DNS.2 = www.your-new-domain.com</pre>
# Update the information to match your installation. This is the same information you would normally put in a CSR.
+
<li> Update the information to match your installation. This is the same information you would normally put in a CSR.</li>
# Press '''Ctrl + X'''.
+
<li> Press {{Keyboard | key = CTRL}} + {{Keyboard | key = X}}</li>
# Enter '''Y'''.
+
<li> Enter {{Keyboard | key = Y}}.</li>
# Press Enter.
+
<li> Press {{Keyboard | key = Enter}}.</li>
# Type in the following, and press Enter: <pre>openssl req -new -sha256 -nodes -out your-new-domain.com.csr -newkey rsa:2048 -keyout your-new-domain.com.key -config csr_details.conf</pre>
+
<li> Type in the following, and press {{Keyboard | key = Enter}}</li>
#: ''Make sure to update the CSR and key path for your installation.''
+
<ul>
 +
<li>{{Code Block - Mini | text = <span class="code_regex">openssl</span> req -new -sha256 -nodes -out <span class="code_file">valt.csr</span> -newkey rsa:2048 -keyout <span class="code_file">valt.key</span> -config <span class="code_file">csr_details.conf</span>}}</li>
 +
</ul>
 +
{{Aside | content = Make sure to update the CSR and key path for your installation.}}
 +
</ol>
 +
{{hr}}
 +
==Other Commands==
 +
<dl>
 +
<dt>Check a Certificate Signing Request (CSR)</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> req -text -noout -verify -in <span class="code_file">valt.csr</span>}}</dd>
 +
<dt>Check a certificate</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> x509 -in <span class="code_file">valt.cer</span> -text -noout}}</dd>
 +
<dt>Check a private key</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> rsa -in <span class="code_file">valt.key</span> -check}}</dd>
 +
</dl>
 +
}}

Latest revision as of 11:32, 4 November 2024

Generate a CSR with SANs

  1. Connect to the Valt appliance via SSH
  2. Type in the following, and press Enter
    • nano csr_details.conf
  3. Copy and paste the following into nano:
  4. Make sure to update the CSR with your information.

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    [ dn ]
    C=US
    ST=New York
    L=Rochester
    O=End Point
    OU=Testing Domain
    emailAddress=your-administrative-address@your-awesome-existing-domain.com
    CN = www.your-new-domain.com
    [ req_ext ]
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.1 = your-new-domain.com
    DNS.2 = www.your-new-domain.com
  5. Update the information to match your installation. This is the same information you would normally put in a CSR.
  6. Press CTRL + X
  7. Enter Y.
  8. Press Enter.
  9. Type in the following, and press Enter
    • openssl req -new -sha256 -nodes -out valt.csr -newkey rsa:2048 -keyout valt.key -config csr_details.conf

    Make sure to update the CSR and key path for your installation.


Other Commands

Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in valt.csr
Check a certificate
openssl x509 -in valt.cer -text -noout
Check a private key
openssl rsa -in valt.key -check