38 lines
1.1 KiB
Plaintext
38 lines
1.1 KiB
Plaintext
=!OpenSSL=
|
|
|
|
==Erstellung eines Zertifikates==
|
|
|
|
{{{class="brush: bash; toolbar: false;"
|
|
$ openssl req -config openssl.cnf -new -newkey rsa:2048 -nodes -subj '/C=DE/ST=Hessen/L=Frankfurt am Main/O=Johann Wolfgang Goethe-Universitaet/OU=Hochschulrechenzentrum/CN=www.intrastent.uni-frankfurt.de' -keyout private_key_ellos.uni-frankfurt.de.pem -out cert_request_ellos.uni-frankfurt.de.pem
|
|
}}}
|
|
|
|
mit der folgenden Einstellungen für //Subject Altnerative Names// in der openssl.cnf
|
|
|
|
{{{class="brush: bash; toolbar: false;"
|
|
[req]
|
|
req_extensions = v3_req
|
|
|
|
[v3_req]
|
|
# Extensions to add to a certificate request
|
|
basicConstraints = CA:FALSE
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
|
|
# Some CAs do not yet support subjectAltName in CSRs.
|
|
# Instead the additional names are form entries on web
|
|
# pages where one requests the certificate...
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
DNS.1 = www.foo.com
|
|
DNS.2 = www.foo.org
|
|
}}}
|
|
|
|
ob es funktioniert hat, überprüft man mit
|
|
|
|
{{{class="brush: bash; toolbar: false;"
|
|
$ openssl req -text -noout -in $CSR_FILENAME
|
|
}}}
|
|
|
|
|
|
[ [[index|Go home]] ]
|