sh 自签名SAN证书

Posted 2021-05-07

# copy openssl.cnf to local directory
cp /etc/pki/tls/openssl.cnf ~/openssl.cnf

# open openssl.cnf and add the following to the end (changing domains as needed)
[ subject_alt_name ]
subjectAltName = DNS:www.example.com, DNS:site1.example.com, DNS:site2.example.com

# generate private key
openssl genrsa -out ca.key 2048

# Generate CSR 
openssl req -new -key ca.key -out ca.csr -config ~/openssl.cnf -extensions subject_alt_name

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr