Re: scripting creating a cert

Viktor,

On 03/09/2017 08:17 PM, Viktor Dukhovni wrote:
> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
>
>> I am creating self-signed certs with:
>>
>> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req
>>
>> Where, for example:
>>
>> your_host_tld=z9m9z.test.htt-consult.com
>>
>> Thing is that this then prompts for a number of fields
>
> The simplest solution is to set the subject DN explicitly on the command-line:
>
>     $ umask 077 # avoid world-readable private keys

Perhaps (no perhaps about it) this is old information, but I picked up that I needed:

chmod 640 for the private keys for Apache. (and postfix and others use these certs; at least they are in their confs)

>     $ openssl req -new -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key \
> 	-x509 -subj "/CN=$(uname -n)" -out certs/$your_host_tld.crt \
> 	-days 3650 -extensions v3_req
>
> For more advanced related approaches see:
>
>      https://raw.githubusercontent.com/openssl/openssl/master/test/certs/mkcert.sh

Looks like this is pointing me in the direction I want to go. I will dig more into this approach.

thank you


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
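
The approach discussed in this message (subject set with `-subj` so nothing is prompted, key created under `umask 077`), wrapped in a function together with a check that the key has no group or other permission bits, the subject is the requested CN, and the key belongs to the certificate. This is an added example, not code from the thread or from OpenSSL's mkcert.sh; the function names, the directory argument and any host name passed in are assumptions, and the CN is set to the host name argument rather than `$(uname -n)`.

```shell
#!/bin/sh
# Added example, not from the thread: make_cert/check_cert are illustrative names.

# make_cert HOST DIR -> DIR/private/HOST.key (0600) and DIR/certs/HOST.crt
make_cert() {
    host=$1 dir=$2
    mkdir -p "$dir/certs" || return 1
    (
        umask 077    # applies to the key file and to private/ if created here
        mkdir -p "$dir/private" &&
        # -extensions v3_req needs a [v3_req] section in openssl.cnf,
        # exactly as the command quoted in the thread does
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/private/$host.key" \
            -x509 -subj "/CN=$host" -out "$dir/certs/$host.crt" \
            -days 3650 -extensions v3_req
    ) || return 1
    chmod 644 "$dir/certs/$host.crt"    # the certificate is public data
}

# check_cert HOST DIR -> 0 only if all three properties hold
check_cert() {
    host=$1 dir=$2
    key=$dir/private/$host.key crt=$dir/certs/$host.crt
    # 1. no group/other bits on the key (characters 5-10 of the mode string)
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "key is group/world accessible: $key" >&2; return 1; }
    # 2. subject is the requested CN, so nothing was prompted or defaulted
    case $(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253) in
        *"CN=$host") ;;
        *) echo "unexpected subject in $crt" >&2; return 1 ;;
    esac
    # 3. the certificate carries the public half of this private key
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "key does not match certificate" >&2; return 1; }
}

# Run as: sh script.sh HOST DIR
if [ $# -eq 2 ]; then
    make_cert "$1" "$2" && check_cert "$1" "$2"
fi
```

If a service account has to read the key, grant that with an explicit `chgrp` and `chmod 640` after generation and relax check 1 to match.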


