Wiki
Clone wikikobo-install / ssl
SSL
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/src/ssl/nginx.key -out ~/src/ssl/nginx.crt
cp /etc/ssl/openssl.cnf /tmp echo '[ subject_alt_name ]' >> /tmp/openssl.cnf echo 'subjectAltName = DNS:kc.unhcr.org, DNS:enketo.unhcr.org' >> /tmp/openssl.cnf openssl req -x509 -nodes -newkey rsa:2048 \ -config /tmp/openssl.cnf \ -extensions subject_alt_name \ -keyout www.example.com.key \ -out www.example.com.pem \ -subj '/C=XX/ST=XXXX/L=XXXX/O=XXXX/OU=XXXX/CN=www.example.com/emailAddress=postmaster@example.com'
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -config ./openssl.cnf \ -extensions subject_alt_name \ -keyout ~/src/ssl/kobo.unhcr.org.key \ -out ~/src/ssl/kobo.unhcr.org.crt \ -subj '/C=CH/ST=Geneva/L=Geneva/O=UNHCR/OU=DIST/CN=kobo.unhcr.org/emailAddress=quintoe@unhcr.org'
openssl x509 -in ~/src/ssl/kobo.unhcr.org.crt -text -noout
CSR Generation
openssl genrsa -out SAN.unhcr.org.key 2048 openssl req -new -key SAN.unhcr.org.key -out SAN.unhcr.org.csr -config openssl-SAN.cnf
openssl req -noout -text -in SAN.unhcr.org.csr
Self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -config ./openssl-SAN.cnf \ -keyout ~/src/ssl/SAN.unhcr.org.key \ -extensions subject_alt_name \ -out ~/src/ssl/SAN.unhcr.org.crt \ -subj '/C=CH/ST=Geneva/L=Geneva/O=UNHCR/OU=DIST/CN=kobo.unhcr.org/emailAddress=SSLCertificates@unhcr.org'
check: openssl x509 -text -noout -in SAN.unhcr.org.crt
Updated