Cheat Sheet

Generate self-signed certificates

Create a config file called ssl.conf.

ssl.conf
[ req ]
default_bits       = 4096
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CA
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Ontario
localityName                = Locality Name (eg, city)
localityName_default        = Toronto
organizationName            = Organization Name (eg, company)
organizationName_default    = Your_Company_Name
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = yourdomain.com

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = anything.yourdomain.com
DNS.2   = *.anything.yourdomain.com

Then, create a private key.

openssl genrsa -out private.key 4096

To create the Certificate Signing Request (CSR), run:

openssl req -new -sha256 \
    -out private.csr \
    -key private.key \
    -config ssl.conf 

Check the CSR's contents by running:

openssl req -text -noout -in private.csr

Finally, generate the certificate.

openssl x509 -req \
    -sha256 \
    -days 3650 \
    -in private.csr \
    -signkey private.key \
    -out private.crt \
    -extensions req_ext \
    -extfile ssl.conf
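
The steps above, run non-interactively and followed by two checks on the result (an added example, not part of the original cheat sheet): that the certificate matches the private key, and that the SAN entries actually made it into the certificate. It also signs the same CSR without -extensions/-extfile, because openssl x509 -req ignores the extensions requested in the CSR unless they are supplied again at signing time. The function names, the trimmed ssl.conf, the -batch flag and the no_ext.crt file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page; function and file names are constructed.

# Succeeds when the certificate carries the public key derived from the private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when NAME is listed as a DNS entry in the subjectAltName extension.
cert_has_san() {  # usage: cert_has_san CERT NAME
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Runs the page's steps non-interactively in DIR with a trimmed ssl.conf, then signs
# the same CSR again without -extensions/-extfile to show what that omission costs.
make_sample_certs() {  # usage: make_sample_certs DIR [BITS]
    (
        cd "$1" || exit 1
        cat > ssl.conf <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
commonName         = Common Name
commonName_default = yourdomain.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = anything.yourdomain.com
DNS.2 = *.anything.yourdomain.com
EOF
        openssl genrsa -out private.key "${2:-4096}" 2>/dev/null &&
        openssl req -new -sha256 -batch -out private.csr -key private.key -config ssl.conf &&
        openssl x509 -req -sha256 -days 3650 -in private.csr -signkey private.key \
            -out private.crt -extensions req_ext -extfile ssl.conf 2>/dev/null &&
        openssl x509 -req -sha256 -days 3650 -in private.csr -signkey private.key \
            -out no_ext.crt 2>/dev/null
    )
}
```

Run make_sample_certs on an empty directory, then call cert_matches_key and cert_has_san on private.crt and no_ext.crt: both certificates match the key, but only private.crt passes the SAN check.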

Validate SSL handshake

openssl s_client -state -nbio -connect PUT-SERVER-HOSTNAME-OR-IP-HERE:443
