Generate Cert with alternative Names

title: “Generate Cert with alternative Names”
date: 2020-11-25T16:08:29
slug: 1340-2

server_rootCA.csr.cnf

[req]
default\_bits = 2048
prompt = no
default\_md = sha256
distinguished\_name = dn
[dn]
C=DE
ST=Bayern
L=Muenchen
O=Strasse
OU=RootCA
emailAddress=thomas.asanger@noris.de
CN = elasticsearch-master-headless

v3.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt\_names
[alt\_names]
DNS.1 = elasticsearch
DNS.2 = elasticsearch.openshift-logging.svc
DNS.3 = elasticsearch.openshift-logging.svc.cluster.local
DNS.4 = elasticsearch-master.openshift-logging.svc
DNS.5 = elasticsearch-master.openshift-logging.svc.cluster.local
IP.1 = 127.0.0.1

openssl req -new -sha256 -nodes -out elastic.csr -newkey rsa:2048 -keyout elastic.key -config <( cat server\_rootCA.csr.cnf )
openssl x509 -req -in elastic.csr -CA tls.crt -CAkey tls.key -CAcreateserial -out elastic.crt -days 3650 -sha256 -extfile v3.ext
openssl x509 -in elastic.crt -text -noout
Print Friendly, PDF & Email