Pages

Showing posts with label openssl. Show all posts
Showing posts with label openssl. Show all posts

Sunday, November 5, 2017

Creating CSR with multiple Domains With Openssl

Creating a CSR (Certificate Signing Request) with multiple domains using OpenSSL involves generating a private key and a CSR file, which includes the details of the domain(s) to be included in the certificate. The process involves the following steps:

Generate a private key using the openssl command with the following syntax:

openssl genrsa -out domain.key 2048

This generates a private key file named "domain.key" with 2048 bits of encryption.

Create a configuration file (e.g. domain.conf) that contains the details of the domains to be included in the certificate. This file should contain the following details:

[req]
default_bits       = 2048
default_keyfile    = domain.key
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[req_distinguished_name]
countryName             = Country Name (2 letter code)
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
organizationName        = Organization Name (eg, company)
commonName              = Common Name (e.g. server FQDN or YOUR name)
emailAddress            = Email Address

[req_ext]
subjectAltName          = @alt_names

[alt_names]
DNS.1                  = example.com
DNS.2                  = www.example.com
DNS.3                  = subdomain.example.com


In the example above, "example.com", "www.example.com", and "subdomain.example.com" are included as the alternate domain names.

Generate a CSR file using the openssl command with the following syntax:

openssl req -new -sha256 -key domain.key -out domain.csr -config domain.conf

This generates a CSR file named "domain.csr" that contains the details of the private key and the alternate domain names specified in the configuration file.

Submit the CSR file to a Certificate Authority (CA) to obtain a signed SSL certificate that can be installed on the server.

Overall, this process allows for the creation of a CSR file with multiple domain names that can be used to obtain a signed SSL certificate to secure those domains.

Wednesday, August 3, 2016

Extract public/private key from a PKCS#12

You can use following commands to extract public/private key from a PKCS#12 container:
  • Private key:
    openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem
  • Certificates:
    openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem
    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
  •  openssl pkcs12 -in Sample.pfx -out Sample.pem -nodes