ssl certificate - liamlamth/blog GitHub Wiki

# Settings read by `openssl req` when it is run with -config pointing at this file.
[ req ]
# Key size used only when `openssl req` has to generate the key itself.
default_bits = 2048
# Digest used to sign the certificate request.
default_md = sha256
# Section that defines the subject-name prompts.
distinguished_name = req_distinguished_name
# Extensions applied when `openssl req -x509` writes a self-signed certificate.
# v3_ca sets CA:true, so that path produces a CA certificate.
x509_extensions = v3_ca
# Extensions embedded in a certificate request (CSR).
req_extensions = v3_req

# Subject-name fields that `openssl req` prompts for. Each plain key is the
# prompt text, *_default is the value offered in brackets, and *_min / *_max
# bound the length of what may be typed.
[ req_distinguished_name ]
countryName = Country
countryName_default = HK
countryName_min = 2
countryName_max = 2
localityName = Locality
localityName_default = HongKong
organizationName = Organization
organizationName_default = myCompany
# No default is set, so the Common Name is typed for every request.
# NOTE(review): TLS clients generally match host names against subjectAltName
# rather than the Common Name, so the entries in [alt_names] are the ones that
# decide which hosts the certificate is valid for -- confirm for the clients in use.
commonName = Common Name
commonName_max = 64

# Settings for the `openssl ca` command.
# NOTE(review): nothing else in this file points at this section (there is no
# [ ca ] section with default_ca), so it only takes effect if `openssl ca` is
# explicitly told to use it -- confirm whether it is still needed.
[ CA_default ]
# `copy` adds extensions from the request that the certificate does not already
# carry. The author of the CSR then influences what gets signed (extra
# subjectAltName entries, for example), so inspect every request before signing
# while this is set.
copy_extensions = copy

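# Extension profile for a CA certificate.
# NOTE(review): [ req ] does not reference this section; presumably it is
# selected with `-extensions certauth` when a CA certificate is signed -- confirm.
[ certauth ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# RFC 5280 requires basicConstraints to be marked critical in CA certificates,
# so a verifier that does not process the extension rejects the certificate
# instead of ignoring the CA flag.
# NOTE(review): add pathlen:0 if this CA only ever signs end-entity certificates.
basicConstraints = critical, CA:true
# Restrict the CA key to signing certificates and CRLs. Without a keyUsage
# extension the certificate is not restricted to any purpose.
keyUsage = critical, keyCertSign, cRLSign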

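# Extension profile for TLS server certificates, selected with `-extensions server`.
[ server ]
# End-entity certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
# digitalSignature covers (EC)DHE handshakes and keyEncipherment covers RSA key
# transport. dataEncipherment (encrypting user data directly with the
# certificate key) is not something TLS does, so it is left out to keep the
# key's permitted uses minimal.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# Legacy Netscape extension; extendedKeyUsage above is what current software
# checks. Kept for older peers that still look at it.
nsCertType = server
# Host names the certificate is valid for; see [alt_names].
subjectAltName = @alt_names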

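# Extension profile for TLS client certificates, selected with `-extensions client`.
[ client ]
# End-entity certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
# Client authentication signs the handshake, which needs digitalSignature.
# dataEncipherment (encrypting user data directly with the certificate key) is
# not something TLS does, so it is left out to keep the key's permitted uses
# minimal.
# NOTE(review): keyEncipherment is kept from the original profile; drop it too
# if these certificates are used for TLS client authentication only.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
# Legacy Netscape extension; extendedKeyUsage above is what current software
# checks. Kept for older peers that still look at it.
nsCertType = client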

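# Extension profile for the self-signed CA certificate; [ req ] selects it
# through x509_extensions, so it applies to `openssl req -x509`.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# RFC 5280 requires basicConstraints to be marked critical in CA certificates,
# so a verifier that does not process the extension rejects the certificate
# instead of ignoring the CA flag.
# NOTE(review): add pathlen:0 if this CA only ever signs end-entity certificates.
basicConstraints = critical, CA:true
# Restrict the CA key to signing certificates and CRLs. Without a keyUsage
# extension the certificate is not restricted to any purpose.
keyUsage = critical, keyCertSign, cRLSign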

# Extensions placed in the certificate request; [ req ] selects this section
# through req_extensions.
# NOTE(review): `openssl x509 -req` does not copy request extensions into the
# certificate by default, so what ends up in the issued certificate is decided
# by the section named with -extensions at signing time, not by this one.
[ v3_req ]
# The request is for an end-entity certificate, not a CA.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# Host names requested; see [alt_names].
subjectAltName = @alt_names

# DNS names referenced by `subjectAltName = @alt_names` in [ server ] and [ v3_req ].
[alt_names]
# The bare domain is listed separately because the wildcard below does not match it.
DNS.1 = domain1.local
# Matches a single label only (host.domain1.local, not a.b.domain1.local).
# One key then covers every host under the domain, so a leaked domain1.key
# exposes all of them; issue per-host certificates where that is too broad.
DNS.2 = *.domain1.local
# Generate a 2048-bit RSA private key. No cipher option is given, so the key is
# written to domain1.key unencrypted; restrict the file's permissions to the
# account that needs it.
$ openssl genrsa -out domain1.key 2048
# Create the certificate request from the existing key. The prompts below come
# from [ req_distinguished_name ] in the config file.
$ openssl req -config ./openssl-domain1.cnf -new -key domain1.key -out domain1.req
Country [HK]:
Locality [HongKong]:
Organization [myCompany]:
Common Name []:*.domain1.local
# Sign the request with the CA key. The certificate's extensions are taken from
# the [ server ] section of the -extfile, and it is valid for 365 days.
# -set_serial fixes the serial number by hand: every certificate issued by the
# same CA needs a different serial, so this value has to change per issuance.
# NOTE(review): no digest option is passed, so the signature hash is whatever
# this OpenSSL build defaults to (older builds are believed to default to
# SHA-1); consider passing -sha256 explicitly -- confirm for the version in use.
$ openssl x509 -req -in domain1.req -CA domain-ca.cer -CAkey domain-ca.key -set_serial 10004 -extfile openssl-domain1.cnf -extensions server -days 365 -outform PEM -out domain1.cer
# Bundle the private key and certificate into a PKCS#12 file. The export
# password is the only protection on the private key inside domain1.pfx.
# NOTE(review): the encryption algorithms applied to the bundle depend on the
# OpenSSL version; confirm they are acceptable for the system that imports it.
$ openssl pkcs12 -inkey domain1.key -in domain1.cer -export -out domain1.pfx
Enter Export Password:
Verifying - Enter Export Password: