Generate certificate authority and sign certs - termcap/cybersecurity GitHub Wiki

Generate certificate authority key:
openssl genrsa -des3 -out hcv-ca.key 4096

Generate certificate authority certificate:
openssl req -x509 -new -nodes -key hcv-ca.key -sha256 -days 10950 -out hcv-ca.pem -subj "/C=CC/ST=CITY/L=CITY/O=My Company/OU=Cyber Security Unit/CN=Company SOC"

Check the certificate:
openssl x509 -in hcv-ca.pem -text -noout

Generate the key and CSR for the service to be signed by the CA:
openssl req -new -nodes -newkey rsa:4096 -keyout hcv.key -out hcv.csr -batch -config req.cnf

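Contents of req.cnf:
[req]
# -batch needs a distinguished_name section; req_extensions puts the SANs into the CSR
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = XX
ST = XX
L = CITY
O = Company Name
OU = Unit Name
CN = Company SOC
[v3_req]
# TLS 1.3 and ECDHE key exchange sign the handshake with this key, which calls for digitalSignature; add it for clients that enforce keyUsage
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = hcv.company.com
DNS.2 = hcv1.company.com
DNS.3 = hcv2.company.com
DNS.4 = hcv3.company.com
DNS.5 = localhost
IP.1 = 127.0.0.1
IP.2 = 172.xx.xx.6
IP.3 = 172.xx.xx.7
IP.4 = 172.xx.xx.8
IP.5 = 172.xx.xx.9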

Sign the CSR with the certificate signing authority:
openssl x509 -req -in hcv.csr -CA hcv-ca.pem -CAkey hcv-ca.key -CAcreateserial -out hcv.crt -days 3650 -sha256 -extfile req.cnf -extensions v3_req
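
A post-signing check for the step above, as an added example that is not part of the original wiki: check_cert verifies that a certificate chains to the CA and covers every expected DNS name and IPv4 address, since openssl x509 -req does not carry the CSR's extensions into the certificate unless an extension section is supplied. The function names, the throwaway "Demo" CA, the 2048-bit keys and the v3_ca section are assumptions made for the demo.

```shell
#!/bin/sh
# check_cert CA_PEM CERT NAME...: the chain must verify and every NAME must match.
# Names made only of digits and dots are checked as IPv4, all others as DNS names.
check_cert() {
    ca=$1; cert=$2; shift 2
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo "chain-fail"; return 1; }
    for name in "$@"; do
        case $name in
            *[!0-9.]*) opt=-verify_hostname ;;
            *)         opt=-verify_ip ;;
        esac
        openssl verify -CAfile "$ca" "$opt" "$name" "$cert" >/dev/null 2>&1 ||
            { echo "san-missing:$name"; return 1; }
    done
    echo "ok"
}

# Constructed demo: throwaway CA and leaf in a temp dir, signed twice
# (placeholder names and short-lived 2048-bit keys, not the wiki's values).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/req.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = Demo SOC
[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = DNS:hcv.company.com, IP:127.0.0.1
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 \
        -config "$d/req.cnf" -extensions v3_ca -subj "/CN=Demo CA" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
        -config "$d/req.cnf" >/dev/null 2>&1
    # Signed with no extension section: the SANs requested in the CSR are dropped.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/bare.crt" -days 1 >/dev/null 2>&1
    # Signed with -extfile and -extensions v3_req: the SANs are in the certificate.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/good.crt" -days 1 \
        -extfile "$d/req.cnf" -extensions v3_req >/dev/null 2>&1
    echo "bare: $(check_cert "$d/ca.pem" "$d/bare.crt" hcv.company.com 127.0.0.1)"
    echo "good: $(check_cert "$d/ca.pem" "$d/good.crt" hcv.company.com 127.0.0.1)"
    rm -rf "$d"
}
```

Against the files produced above, the equivalent call is check_cert hcv-ca.pem hcv.crt followed by the names and addresses listed in [alt_names].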