Pre Step
Check OpenSSL Version
openssl version
If Not Found Install
- Ubuntu/Debian:
sudo apt update sudo apt install openssl
- CentOS/RHEL/Fedora:
sudo yum install openssl # or sudo dnf install openssl
- Arch Linux:
sudo pacman -S openssl
- For Windows >> Refer to this blog
Create SAN File
san.cnf
[req] default_bits = 4096 distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_req prompt = no [req_distinguished_name] countryName = TH stateOrProvinceName = N/A localityName = N/A organizationName = Self-signed certificate (DebuggingSoft) commonName = 192.168.1.212: Self-signed certificate [req_ext] subjectAltName = @alt_names [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = investmentapp.ds DNS.3 = www.investmentapp.ds DNS.4 = investmentappdev.ds DNS.5 = www.investmentappdev.ds IP.1 = 127.0.0.1 IP.2 = 192.168.1.212 IP.3 = 128.1.0.18
Generate Cert File
Step 1: Generate a Private Key
openssl genpkey -algorithm RSA -out private.key -aes256 Enter PEM pass phrase: Inv$Cert1
Step 2: Create a configuration file for the CSR with SAN
see detail in file san.cnf
Step 3: Create a Certificate Signing Request (CSR) with SAN
openssl req -new -key private.key -out request.csr -config san.cnf
Step 4: Generate the Self-Signed Certificate with SAN
openssl x509 -req -days 365 -in request.csr -signkey private.key -out investmentapp.ds.crt -extensions req_ext -extfile san.cnf
Step 5: Convert to PKCS#12 (.p12) Format
openssl pkcs12 -export -out investmentapp.ds.p12 -inkey private.key -in investmentapp.ds.crt -password 'pass:1NvE$DeV21!12@' # Check Command openssl pkcs12 -info -in investmentapp.ds.p12 -password 'pass:1NvE$DeV21!12@'
Discover more from naiwaen@DebuggingSoft
Subscribe to get the latest posts sent to your email.
