Difference between revisions of "Generate a CSR with SANs"

From IVS Wiki
Jump to: navigation, search
Line 37: Line 37:
 
{{Aside | content = Make sure to update the CSR and key path for your installation.}}
 
{{Aside | content = Make sure to update the CSR and key path for your installation.}}
 
</ol>
 
</ol>
 +
}}
 +
 +
{{Section | title = Other Commands | content =
 +
<dl>
 +
<dt>Check a Certificate Signing Request (CSR)</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> req -text -noout -verify -in <span class="code_file">valt.csr</span>}}</dd>
 +
<dt>Check a certificate</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> x509 -in <span class="code_file">valt.cer</span> -text -noout}}</dd>
 +
<dt>Check a private key</dt>
 +
  <dd>{{Code Block - Mini | text = <span class="code_regex">openssl</span> rsa -in <span class="code_file">valt.key</span> -check}}</dd>
 +
</dl>
 
}}
 
}}

Revision as of 15:08, 1 August 2023

  1. Connect to the Valt appliance via SSH
  2. Type in the following, and press Enter
    • nano csr_details.conf
  3. Copy and paste the following into nano:
  4. Make sure to update the CSR with your information.

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    [ dn ]
    C=US
    ST=New York
    L=Rochester
    O=End Point
    OU=Testing Domain
    emailAddress=your-administrative-address@your-awesome-existing-domain.com
    CN = www.your-new-domain.com
    [ req_ext ]
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.1 = your-new-domain.com
    DNS.2 = www.your-new-domain.com
  5. Update the information to match your installation. This is the same information you would normally put in a CSR.
  6. Press CTRL + X
  7. Enter Y.
  8. Press Enter.
  9. Type in the following, and press Enter
    • openssl req -new -sha256 -nodes -out valt.csr -newkey rsa:2048 -keyout valt.key -config csr_details.conf

    Make sure to update the CSR and key path for your installation.

Other Commands
Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in valt.csr
Check a certificate
openssl x509 -in valt.cer -text -noout
Check a private key
openssl rsa -in valt.key -check