[ req ]
default_bits = 2048 # Can be 1024-4096
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no # Don't ask params, read it from file
[ req_dn ]
C=RU # Country Name (2 letter code)
ST=Russia # State or Province Name (full name)
L=Moscow # Locality Name (eg, city)
O=adc server # Organization Name (eg, company)
OU=adc ssl key # Organizational Unit Name (eg, section)
CN=adc.su # Common Name (eg, YOUR name, *.example.com is also possible)
emailAddress=tech@adc.su # Email Address
[ cert_type ]
nsCertType = server
[ v3_req ]
subjectAltName = email:copy,DNS:adc.su,DNS:ns.adc.su,DNS:212.109.199.94
#!/bin/sh
#######################################################################
### Generates a self-signed certificate #############################
#######################################################################
SSL_dir=./
SSL_config=$SSL_dir/gen_SSL.conf
CERT_file=$SSL_dir/server_cert.pem
KEY_file=$SSL_dir/server_key.pem
if [ -f $CERT_file ]; then
echo "$CERT_file already exists, won't overwrite"
exit 1
fi
if [ -f $KEY_file ]; then
echo "$KEY_file already exists, won't overwrite"
exit 1
fi
/usr/bin/openssl req -new -x509 -days 365 -nodes -extensions v3_req -config $SSL_config -out $CERT_file -keyout $KEY_file || exit 2
chmod 0600 $KEY_file
echo
/usr/bin/openssl x509 -subject -fingerprint -noout -in $CERT_file || exit 2
Автор
Тема: [manual, FreeBSD] создание самоподписанного сертификата (Прочитано 11884 раз)