Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env bash
- filename="$1server"
- openssl req -new -sha256 -nodes -out ./../nginx/ssl/${filename}.csr -newkey rsa:2048 -keyout ./../nginx/ssl/${filename}.key -config <( cat ${filename}_csr.txt )
- openssl x509 -req -in ./../nginx/ssl/${filename}.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out ./../nginx/ssl/${filename}.crt -days 500 -sha256
- [req]
- default_bits = 2048
- prompt = no
- default_md = sha256
- req_extensions = req_ext
- distinguished_name = dn
- [ dn ]
- C=US
- ST=New York
- L=Rochester
- O=End Point
- OU=Testing Domain
- emailAddress=your-administrative-address@your-awesome-existing-domain.com
- CN = localhost
- [ req_ext ]
- subjectAltName = @alt_names
- [ alt_names ]
- DNS.1 = localhost
- server_csr.txt
- Generating a 2048 bit RSA private key
- .........................................................................................................+++
- ...............................+++
- writing new private key to './../nginx/ssl/server.key'
- -----
- Signature ok
- subject=/C=US/ST=New York/L=Rochester/O=End Point/OU=Testing Domain/emailAddress=your-administrative-address@your-awesome-existing-domain.com/CN=localhost
- Getting CA Private Key
- Enter pass phrase for /home/alexzeitler/ssl/rootCA.key:
- This server could not prove that it is localhost; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection.
- Certificate Request:
- Data:
- Version: 0 (0x0)
- Subject: C=US, ST=New York, L=Rochester, O=End Point, OU=Testing Domain/emailAddress=your-administrative-address@your-awesome-existing-domain.com, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:cf:ec:6d:54:6e:db:e0:9c:cd:17:c2:dd:bf:81:
- 1e:52:bb:62:27:04:f3:13:8e:01:69:47:fa:93:92:
- 57:b3:77:be:51:87:9b:c8:40:f1:28:de:df:cb:d2:
- fd:87:fb:00:a1:c4:17:30:4c:9a:fd:e0:b6:d0:8c:
- a0:c9:01:f4:71:5f:63:ee:6d:4c:5a:b4:4d:ca:60:
- d4:0b:dc:6f:c1:2b:62:95:44:76:ec:45:bf:cb:39:
- 4a:0a:e4:f7:84:56:d0:1b:11:2c:e7:a8:b6:f6:bc:
- 46:89:bb:4b:44:3c:7d:9d:d8:cc:75:4c:4c:72:15:
- b4:58:77:9b:38:61:72:4c:b2:45:55:a2:34:06:aa:
- 4c:9d:54:cb:a4:bf:58:26:88:11:81:17:a3:52:ab:
- c8:38:f7:c5:55:78:af:d3:be:3f:70:95:79:d9:79:
- 10:45:5f:e9:10:e9:56:6f:b5:fa:b9:36:2e:c8:40:
- c5:fa:86:66:12:82:ec:ab:45:75:54:ec:93:40:9f:
- d1:cc:8f:18:31:8b:62:1c:20:da:6e:19:17:89:c5:
- 6f:c5:b9:23:a0:86:6e:70:f9:2a:b1:e3:87:dc:a2:
- 57:99:16:05:d4:85:01:43:34:48:d5:b4:39:35:63:
- 46:81:d2:f1:b8:66:e2:21:31:c3:8a:02:f7:8f:a9:
- b4:8b
- Exponent: 65537 (0x10001)
- Attributes:
- Requested Extensions:
- X509v3 Subject Alternative Name:
- DNS:localhost
- Signature Algorithm: sha256WithRSAEncryption
- 60:d7:11:95:45:9b:b6:35:ed:b7:31:2b:14:5d:c7:57:bb:cd:
- fc:3b:c4:97:01:aa:46:4c:58:9b:f8:4c:44:e2:12:46:2d:69:
- 5f:95:10:02:fd:79:e1:30:cb:a9:f9:41:b2:a7:b6:fa:e3:2f:
- e9:c6:7c:3e:3a:b1:db:64:b9:6e:ab:a1:98:82:0c:df:cf:b5:
- e9:7f:17:f0:87:c9:09:15:ab:c8:9b:a2:d8:b3:37:a8:13:2e:
- 05:f5:ab:18:4c:cf:d9:6d:d0:05:c4:90:b5:0e:a5:c2:24:6d:
- 12:fb:e1:64:5c:d0:6f:5a:86:a3:d2:1f:b8:73:12:1e:39:28:
- a9:50:a4:88:fb:e6:24:95:17:43:76:22:7d:57:48:af:84:36:
- 66:30:d8:3b:88:3b:4c:c5:44:fc:92:75:16:b6:9a:22:4b:cf:
- b2:9b:19:e2:15:d4:9c:04:85:8d:7a:59:f7:13:7c:be:d4:4f:
- c5:d8:02:79:ab:98:3f:91:0e:da:ba:8b:68:01:d3:71:cb:f0:
- 55:22:fe:f8:55:41:ef:ac:f4:55:48:06:ce:75:ba:33:5c:b2:
- 7b:f3:a7:b4:c3:ec:c0:52:ec:e1:56:64:84:cb:fa:a1:ca:0c:
- c0:c3:87:e4:f4:c1:5b:8b:92:00:26:9d:a8:6b:35:58:1f:ad:
- 9e:91:ba:5b
- Certificate:
- Data:
- Version: 1 (0x0)
- Serial Number: 17237690484651272010 (0xef38942aa5c5274a)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=New York, L=Rochester, O=End Point, CN=localhost/emailAddress=your-administrative-address@your-awesome-existing-domain.com
- Validity
- Not Before: Apr 23 15:42:28 2017 GMT
- Not After : Sep 5 15:42:28 2018 GMT
- Subject: C=US, ST=New York, L=Rochester, O=End Point, OU=Testing Domain/emailAddress=your-administrative-address@your-awesome-existing-domain.com, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:af:ee:7c:7a:2c:3c:5c:a6:57:ce:81:cf:22:49:
- 3c:d3:c4:6d:3a:71:a8:c7:cf:04:cc:68:4a:e6:03:
- 7c:9d:9d:49:c7:4f:8e:33:09:5b:73:9b:a0:21:51:
- 27:c6:e6:d0:ac:f5:5e:1d:4f:f8:60:9f:a1:50:1e:
- dd:1f:bc:20:44:6f:42:c8:de:2a:6f:04:b7:21:aa:
- cb:82:18:5e:fa:d8:68:5d:e5:c6:a0:cb:39:e3:91:
- 60:99:3f:ae:63:ab:9c:23:e9:03:0c:ca:10:23:8f:
- 76:e1:5c:55:10:b7:e1:e7:aa:e7:24:4d:49:ff:d0:
- c7:67:f6:8a:1d:36:12:15:49:2d:33:c9:39:d4:3f:
- 7f:b6:a5:9e:ac:b5:55:75:aa:bc:7f:f4:c2:85:b4:
- 18:f1:76:3c:5e:a3:df:47:00:1c:e6:ac:d5:3c:f3:
- ac:ff:f2:f0:7a:43:3f:63:bd:77:86:ea:3f:e5:35:
- 04:fa:3c:2a:0c:34:b5:36:ee:a0:b2:50:f9:08:31:
- b8:76:27:af:c7:c6:5a:af:52:07:6f:c3:d6:6c:97:
- 6b:9b:cb:cd:c7:01:4f:33:7e:2f:09:06:b0:71:1a:
- 9a:9f:30:d4:c3:67:89:15:dc:df:ad:68:44:54:29:
- 26:d0:ca:8e:f6:eb:dd:f3:1a:74:63:89:b4:c5:72:
- 82:af
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha256WithRSAEncryption
- 42:f7:c4:1e:47:dc:e7:81:3a:b0:83:a8:fd:51:53:32:f7:80:
- 76:b4:ec:a8:44:17:5a:18:29:68:9f:14:4a:1c:35:87:3e:7a:
- 13:95:0c:8b:5b:2f:f9:f0:42:56:51:9c:a9:9f:7f:77:45:7d:
- 6c:1d:1c:39:75:99:4a:c5:22:c4:d9:1d:11:bb:bf:7d:56:7b:
- a7:18:fc:2a:c3:32:c1:72:3a:17:0e:1d:27:f1:f3:b6:72:91:
- 5d:38:64:6c:98:03:8b:17:88:ce:2c:a2:dc:2a:86:a0:e8:23:
- e8:07:79:ac:05:62:b1:17:10:84:82:02:23:4a:10:9a:2a:b3:
- 9c:5d:05:71:31:43:f3:28:4e:28:bd:31:49:21:1f:39:b0:6b:
- 39:27:1c:1a:8e:b8:92:e9:e7:76:a2:e7:3e:6c:ba:fc:56:f1:
- 78:85:3f:68:ea:db:50:88:b4:8a:fc:ea:73:04:4b:8a:54:86:
- 5e:0d:fc:b4:70:72:c9:5a:c7:cf:cb:19:e2:9a:b9:af:c6:3e:
- 55:06:1c:7c:62:44:b3:e6:57:2b:0f:cc:33:9e:28:5f:62:85:
- 05:27:4c:f0:de:6c:d6:fb:e4:de:2f:41:99:34:b2:b1:7d:12:
- b6:d6:96:a5:4b:c4:49:6b:49:bf:c5:86:e6:3c:3e:f3:e3:ef:
- a9:d3:21:5e
- sudo openssl x509 -req -in ./../nginx/ssl/${filename}.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out ./../nginx/ssl/${filename}.crt -days 500 -sha256 -extfile v3.ext
- authorityKeyIdentifier=keyid,issuer
- basicConstraints=CA:FALSE
- keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
- subjectAltName = @alt_names
- [alt_names]
- DNS.1 = localhost
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17237690484651272016 (0xef38942aa5c52750)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=New York, L=Rochester, O=End Point, CN=localhost/your-administrative-address@your-awesome-existing-domain.com
- Validity
- Not Before: Apr 23 16:07:38 2017 GMT
- Not After : Sep 5 16:07:38 2018 GMT
- Subject: C=US, ST=New York, L=Rochester, O=End Point, OU=Testing Domain/emailAddress=your-administrative-address@your-awesome-existing-domain.com, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b2:e3:bd:ed:28:04:85:ea:75:ee:d2:82:e1:eb:
- f5:5f:7f:cf:7e:cb:70:de:86:9f:75:7c:f3:71:e7:
- da:16:fb:bc:1f:89:bc:47:08:77:ca:33:20:f1:c1:
- 9e:e3:20:8d:89:14:7e:c1:0a:12:d2:59:24:56:9b:
- 77:90:5f:69:d1:a5:f1:00:38:93:1b:a7:75:f1:33:
- e2:da:dc:32:a9:0a:85:7d:9a:20:81:ca:20:ee:86:
- ce:e2:a0:52:d2:ab:11:34:e5:52:99:3a:81:c6:9f:
- 6b:0f:6a:02:2b:38:a6:84:c9:ba:fa:9b:ef:0a:89:
- 22:4b:79:86:3c:bd:44:a5:54:fb:cf:4d:8b:d1:44:
- 03:35:22:de:69:77:c8:fa:4d:c6:01:25:08:9f:4d:
- a9:79:7a:aa:ca:03:b6:e4:51:57:22:27:5f:a7:12:
- 11:f3:e6:00:29:f6:58:be:2c:aa:09:e4:06:45:d9:
- 3f:75:a7:f0:75:bd:2b:a6:bb:6d:ad:93:bb:b9:1d:
- d7:75:39:4e:9b:1d:0e:39:cc:17:74:88:f7:e2:b7:
- 85:12:96:e0:cb:42:56:d0:11:e0:84:86:e5:14:a5:
- f2:6d:43:5d:f9:59:ae:61:7f:01:ae:95:b8:92:27:
- 1d:1c:02:d7:ad:fb:ee:f6:25:38:60:c8:41:20:17:
- 80:69
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- keyid:5A:8D:89:64:BD:F2:3E:C2:D7:7B:BE:17:84:F4:29:E8:C5:32:35:34
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Key Usage:
- Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
- X509v3 Subject Alternative Name:
- DNS:localhost
- Signature Algorithm: sha256WithRSAEncryption
- 27:1d:d6:84:50:33:d2:ff:b1:06:9b:fa:f1:40:7d:47:11:bc:
- f7:80:fd:26:87:0e:91:9f:14:be:1f:1d:9b:32:d1:fb:d6:8d:
- af:30:8a:88:38:8c:1c:bf:77:98:8e:cd:06:48:82:fa:09:b9:
- 3c:0d:38:c4:a0:da:b7:4d:f5:81:5f:5a:76:04:61:f8:c2:1a:
- 17:ad:56:7c:72:ba:f6:65:7f:7f:e7:5e:b2:34:ba:13:23:57:
- 84:f1:c5:ca:dd:5b:55:69:95:71:44:4a:30:53:61:5c:ad:47:
- d8:9c:d5:a2:1b:18:2d:e1:19:35:3e:3f:b2:7e:fd:bf:f3:d0:
- 45:dc:f5:57:f0:1b:cd:70:1b:e0:34:de:27:98:89:b4:a5:25:
- a5:6c:29:c3:89:a6:a5:c5:4d:f5:45:3b:47:8e:13:45:23:07:
- 5e:d6:59:0d:96:c6:a3:f0:c5:3d:ee:a8:ad:36:96:43:13:a1:
- b8:55:f6:c7:10:7e:8f:5d:09:ef:61:17:2a:9c:3b:50:28:c8:
- e3:8d:a6:34:06:50:d4:3e:d5:17:ea:7d:31:97:d3:ee:df:b5:
- 23:66:5e:22:b7:e4:fa:36:4f:9a:d5:f0:a3:f9:b4:2b:27:02:
- 0b:41:94:d1:a1:f7:1b:2c:7e:74:e6:14:c3:b5:67:15:d2:ca:
- 02:77:57:a6
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement