c Expand All C Collapse All

Technical Information

a

How to create CSR with SAN values using OpenSSL?

This FAQ shows how to create a Certificate Signing Request (CSR) file with SAN values on the webserver using OpenSSL.

Category: Technical Information

For creating CSR with SAN values (X.509 v3 Extension) it’s important to create a configuration file with the required certificate details. Execute following command in openssl.

openssl req -newkey rsa:2048 -nodes -keyout pvtkey.cer -config config.cnf -out csr.txt -utf8

It will create a Private key (pvtkey.cer) and CSR file (csr.txt).

Sample Configuration file (config.cnf)

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = 192.168.2.23
O = Abc Corporation
L = Sydney
ST = New South Walse
C = AU

[ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.2.23
IP.2 = 10.12.4.122
DNS.1 = 192.168.2.23
DNS.2 = 10.12.4.22
DNS.3 = sms.abc.local
DNS.4 = localhost

It will generate CSR with CN=192.168.2.23 and 3 SAN values: 10.12.4.122, sms.abc.local and localhost.

Notice that when IP address is there in CN or SAN, we need to put its value against both IP Address and DNS. For others (URL, Servername etc) only DNS value is required.

Tags: Certificate Signing Request, CSR, DNS, IP Address, localhost, openssl, SAN, URL, X.509 v3 Extension
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top
a

How to install Intranet SSL on Ubuntu Linux

It says how to install the issued SSL Certificate on Ubuntu Linux. It requires ‘openssl’ package to convert the certificate from PFX to PEM format. Then one needs to copy the PEM file to /etc/ssl/certs directory.

Categories: Installation FAQ, Technical Information

If you asked for the Intranet SSL without CSR, you would have received server.pfx file on email.

1. Copy the server.pfx file to the Ubuntu machine
2. Ensure that openssl package is installed on Ubuntu
3. Run the following command:
sudo openssl pkcs12 -in server.pfx -passin pass:inetssl2 -out serverpfx.pem -nodes
This will create a serverpfx.pem file, which contains the issued certificate, two CA certificates and the private key.
4. Move the serverpfx.pem file to /etc/ssl/certs/
5. Update the permissions:
sudo chmod 644 /etc/ssl/certs/serverpfx.pem
6. Restart the Apache service:
sudo service apache2 restart

In case, you wish us to make the serverpfx.pem file, write back to us on support@intranetssl.net

Tags: Installation, Linux, openssl, PEM, PFX, Ubuntu
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top

Installation FAQ

a

How to install Intranet SSL on Ubuntu Linux

It says how to install the issued SSL Certificate on Ubuntu Linux. It requires ‘openssl’ package to convert the certificate from PFX to PEM format. Then one needs to copy the PEM file to /etc/ssl/certs directory.

Categories: Installation FAQ, Technical Information

If you asked for the Intranet SSL without CSR, you would have received server.pfx file on email.

1. Copy the server.pfx file to the Ubuntu machine
2. Ensure that openssl package is installed on Ubuntu
3. Run the following command:
sudo openssl pkcs12 -in server.pfx -passin pass:inetssl2 -out serverpfx.pem -nodes
This will create a serverpfx.pem file, which contains the issued certificate, two CA certificates and the private key.
4. Move the serverpfx.pem file to /etc/ssl/certs/
5. Update the permissions:
sudo chmod 644 /etc/ssl/certs/serverpfx.pem
6. Restart the Apache service:
sudo service apache2 restart

In case, you wish us to make the serverpfx.pem file, write back to us on support@intranetssl.net

Tags: Installation, Linux, openssl, PEM, PFX, Ubuntu
Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top