47 lines
1.0 KiB
Markdown
47 lines
1.0 KiB
Markdown
# Regenerating Fixture Certificates
|
|
|
|
You don't need to keep the key file generated by this process.
|
|
|
|
1. Certificate with an email as subjectAltName:
|
|
|
|
```
|
|
openssl req -x509 \
|
|
-newkey rsa:4096 \
|
|
-sha256 \
|
|
-nodes \
|
|
-days 3650 \
|
|
-keyout _foo.key \
|
|
-out artgarfunkel@uso.mil.crt \
|
|
-subj "/CN=GARFUNKEL.ART.G.5892460358" \
|
|
-extensions SAN \
|
|
-config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=email:artgarfunkel@uso.mil')
|
|
```
|
|
|
|
2. Certificate with a DNS name as subjectAltName:
|
|
|
|
```
|
|
openssl req -x509 \
|
|
-newkey rsa:4096 \
|
|
-sha256 \
|
|
-nodes \
|
|
-days 3650 \
|
|
-keyout _foo.key \
|
|
-out no-email.crt \
|
|
-subj "/CN=GARFUNKEL.ART.G.5892460358" \
|
|
-extensions SAN \
|
|
-config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=DNS:artgarfunkel.com')
|
|
```
|
|
|
|
3. Certificate with no subjectAltName:
|
|
|
|
```
|
|
openssl req -x509 \
|
|
-newkey rsa:4096 \
|
|
-sha256 \
|
|
-nodes \
|
|
-days 3650 \
|
|
-keyout _foo.key \
|
|
-out no-san.crt \
|
|
-subj "/CN=GARFUNKEL.ART.G.5892460358"
|
|
```
|