dotfiles/vim/wiki_html/openssl.html

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link type="text/css" rel="stylesheet" href="./styles/shCore.css" /> 
    <link type="text/css" rel="stylesheet" href="./style.css" /> 
    <link type="text/css" rel="stylesheet" href="./styles/shThemeDefault.css" /> 
    <script type="text/javascript" src="./scripts/shCore.js"></script> 
    <script type="text/javascript" src="./scripts/shBrushBash.js"></script>
    <script type="text/javascript" src="./scripts/shBrushJava.js"></script>
    <script type="text/javascript">
      SyntaxHighlighter.all();
    </script> 
  </head>
  <body>
<h1 id="toc_1">OpenSSL</h1>

<h2 id="toc_1.1">Erstellung eines Zertifikates</h2>

<pre class="brush: bash; toolbar: false;">
    $ openssl req -config openssl.cnf -new -newkey rsa:2048 -nodes -subj '/C=DE/ST=Hessen/L=Frankfurt am Main/O=Johann Wolfgang Goethe-Universitaet/OU=Hochschulrechenzentrum/CN=www.intrastent.uni-frankfurt.de' -keyout private_key_ellos.uni-frankfurt.de.pem -out cert_request_ellos.uni-frankfurt.de.pem
</pre>
    
<p>
mit der folgenden Einstellungen für //Subject Altnerative Names// in der openssl.cnf
</p>

<pre class="brush: bash; toolbar: false;">
    [req]
    req_extensions = v3_req

    [v3_req]
    # Extensions to add to a certificate request
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    # Some CAs do not yet support subjectAltName in CSRs.
    # Instead the additional names are form entries on web
    # pages where one requests the certificate...
    subjectAltName          = @alt_names

    [alt_names]
    DNS.1   = www.foo.com
    DNS.2   = www.foo.org
</pre>

<p>
ob es funktioniert hat, überprüft man mit
</p>

<pre class="brush: bash; toolbar: false;">
    $ openssl req -text -noout -in $CSR_FILENAME
</pre>

   
<p>
[ <a href="index.html">Go home</a> ]
</p>

</body>
</html>