/munetakaJupyterHub/Computer/MongoDB/x.509-01/openSSL-selfsignedSAN.md

§2023-08-02

OpenSSL generate self signed certificate with SAN in one command (subject alternative name)@raymii.org

¶Generate Self Signed Certificate with SAN

If you are using OpenSSL 1.1.1 or higher you can simply use the -addext "subjectAltName = parameter like so:

openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
  -keyout example.org.key \
  -out example.org.crt \
  -days 356 \
  -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=example.org"  \
  -addext "subjectAltName = DNS:localhost,DNS:example.org"

For OpenSSL 3.0.8 7 Feb 2023)

openssl req -new -nodes -keyout test.key  -out test.csr -days 3650 -subj "/C=US/ST=SCA/L=SCA/O=Oracle/OU=Java/CN=test cert" -config ./openssl.cnf -extensions v3_req

openssl x509 -req -days 3650 -in test.csr -CA cacert.pem -CAkey mongoCA.key -CAcreateserial -out test.pem -extfile ./openssl.cnf  -extensions v3_req