Jun 152016

With advent of Letsencrypt service this may seem unnecessary. But sometimes you just need to quickly generate SSL certificate to secure internal/test service…

Install OpenSSL, Debian/Ubuntu

sudo apt-get -y install openssl

or Centos

yum install openssl

Create file

vim multidomains.conf

# openssl req -sha256 -config multidomains.conf -keyout server.key -out server.csr -new
[ req ]
default_bits = 4096 # avoid to specify a value under 1024...
prompt = no # if you want to type a lot of stuff, say Yes here
encrypt_key = no # see question in our FAQ to help you...
default_md = sha256
distinguished_name = dn
[ dn ]
C = PL
O = Cebula Computer Systems
0.CN = hostA.mielnet.pl
1.CN = aka.mielnet.pl
L = Kocborowo
OU = IT Services


Generate key and csr with

openssl req -sha256 -config multidomains.conf -keyout server.key -out server.csr -new
# you can display CSR with:
openssl req -text -noout -in server.csr
# pay attention to Signature Algorithm, we want sha256WithRSAEncryption


Finally generate certificate

openssl x509 -sha256 -days 3650 -req -in server.csr -signkey server.key > server.crt
# you can display certificate with:
openssl x509 -text -in server.crt 

# again, we want Signature Algorithm sha256WithRSAEncryption


  One Response to “quick SSL self signed certificate for multidomains”

  1. […] I’m using same SSL certificate that is being used with Logstash. Generating self signed SSL certificate is covered here. […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



This site uses Akismet to reduce spam. Learn how your comment data is processed.