ich versuche ein selbstsigniertes Zertifikat zu erstellen, dass zusätzlich auch eine IP-Adresse mit einbezieht.
Ich habe mir in /etc/ssl eine Datei namens req.conf angelegt.
Code: Alles auswählen
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = DE
ST = XX
L = Xxxxxxx
O = organisation
OU = IT
CN = domain
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.178.38
Code: Alles auswählen
#!/bin/sh
cd /etc/verzeichnis/certs/
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key -config /etc/ssl/req.conf
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rm server.csr
/etc/init.d/nginx restart
exit 0
Code: Alles auswählen
pi@pcf-cloud:/etc/verzeichnis/certs $ keyUsage openssl x509 -in server.crt -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
c3:1d:df:f1:05:12:31:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=XX, L=Xxxxxx, O=organisation, OU=IT, CN=domain
Validity
Not Before: Apr 4 18:34:29 2017 GMT
Not After : Apr 2 18:34:29 2027 GMT
Subject: C=DE, ST=XX, L=Xxxxxx, O=organisation, OU=IT, CN=domain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e8:a6:7f:c0:e1:3b:ab:b3:dd:57:05:f5:6b:f1:
3a:cb:54:d2:fb:dc:c4:e8:a9:96:0f:61:2f:01:34:
d0:57:e8:8a:49:43:1e:91:dd:87:1f:b8:dd:49:2d:
c7:9b:d6:1e:5b:e7:97:23:f1:52:45:d3:5b:1c:d2:
25:aa:db:07:22:4c:90:8f:c9:e6:be:4e:37:13:c1:
21:f2:c6:04:81:6a:37:6f:95:52:fd:c1:81:78:52:
*** modified by TE ***
42:aa:2b:c4:9b:8d:8e:18:da:a6:d2:f6:77:85:70:
45:7d:04:d6:03:ff:88:09:80:7a:ef:57:c3:53:77:
75:07:c8:95:45:d1:ff:c5:94:cb:a5:33:19:84:30:
61:09:ba:00:12:b0:be:14:68:9d:7b:f6:38:40:5c:
b1:55:4b:2c:98:9c:2d:8c:45:de:7b:73:5a:4d:d6:
06:7e:db:c4:5c:02:ee:fb:e9:80:b1:bd:26:53:ae:
b0:8b:20:a6:f7:9f:23:fe:98:40:2b:45:16:11:4f:
c5:bd:62:a4:0b:46:2b:d4:40:1d:41:48:e5:93:ff:
88:6b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
2f:d0:bb:8a:d7:08:c7:f5:03:d2:8c:de:7d:dd:97:55:e8:29:
38:67:b2:af:61:ce:34:71:47:88:46:35:f6:6d:f1:fc:f4:68:
a9:84:56:dc:43:d8:e4:79:b9:7a:a4:c5:1b:7f:d1:c7:ed:61:
2e:03:6a:44:20:5c:69:be:9b:71:4f:fd:36:50:88:e5:e4:b6:
14:87:fb:67:41:4d:e3:05:86:43:dd:c3:3c:64:04:34:d5:30:
0c:3b:7e:f1:64:78:ba:16:b7:e4:0a:5b:2d:cc:ce:0f:3c:b4:
b0:c9:9c:71:15:dd:a1:03:d8:5c:ee:5a:02:19:01:9f:bf:2c:
*** modified by TE ***
51:d0:3d:22:a0:31:3c:2f:23:3d:7d:f3:7f:41:21:cd:6c:66:
97:79:5f:e8:26:ce:f6:4f:67:a7:5c:4b:c4:6f:5e:45:46:b0:
6c:08:63:11:93:df:b9:83:7f:76:2c:5c:74:69:ed:27:67:19:
a1:73:dd:34:98:e4:cc:61:28:57:33:47:70:00:63:a6:06:f2:
04:1c:f8:43
pi@pcf-cloud:/etc/verzeichnis/certs $
LG // neph