Jun 152016

With advent of Letsencrypt service this may seem unnecessary. But sometimes you just need to quickly generate SSL certificate to secure internal/test service…

Install OpenSSL, Debian/Ubuntu

sudo apt-get -y install openssl

or Centos

yum install openssl

Create file

vim multidomains.conf

# openssl req -sha256 -config multidomains.conf -keyout server.key -out server.csr -new
[ req ]
default_bits = 4096 # avoid to specify a value under 1024...
prompt = no # if you want to type a lot of stuff, say Yes here
encrypt_key = no # see question in our FAQ to help you...
default_md = sha256
distinguished_name = dn
[ dn ]
C = PL
O = Cebula Computer Systems
0.CN = hostA.mielnet.pl
1.CN = aka.mielnet.pl
L = Kocborowo
OU = IT Services


Generate key and csr with

openssl req -sha256 -config multidomains.conf -keyout server.key -out server.csr -new
# you can display CSR with:
openssl req -text -noout -in server.csr
# pay attention to Signature Algorithm, we want sha256WithRSAEncryption


Finally generate certificate

openssl x509 -sha256 -days 3650 -req -in server.csr -signkey server.key > server.crt
# you can display certificate with:
openssl x509 -text -in server.crt 

# again, we want Signature Algorithm sha256WithRSAEncryption