#
Request and sign a new cert
- Run these commands on the target server
# Generate the private key on the target server; nothing below requires it to leave this host.
# No passphrase option is given, so the key is stored unencrypted: check that the file is
# readable only by its owner.
# NOTE(review): no key size is given, so the OpenSSL default applies; it differs between
# OpenSSL versions — confirm it meets your policy.
openssl genrsa -out <key filename>.key
# Interactive creation: openssl prompts for the subject fields
openssl req -new -key <key filename>.key -out <cert req filename>.req
# Or non-interactive: subject and subjectAltName are given on the command line
# (-addext needs OpenSSL 1.1.1 or newer)
openssl req -new -key <key filename>.key -out <cert req filename>.req \
-subj /C=DE/ST=Baden\ Wuertenberg/L=Sulz/O=Lucasserver/OU=<Device>/CN=<hostname> \
-addext "subjectAltName = DNS:<dns name 1>, DNS:<dns name 2>"
# Check the request before sending it. -subject prints only the subject line;
# use -text instead to also see the requested subjectAltName entries.
openssl req -in <cert req filename>.req -noout -subject # verify information
- Copy the .req file to the CA server in /tmp/ (only the .req file; the .key file stays on the target server)
- Run these commands on the CA server
# Work from the Easy-RSA directory; the issued certificates end up under its pki/ folder
cd ~/easy-rsa
# Import the request under a short name; the sign-req step below refers to it by that name
./easyrsa import-req <path to .req file> <tmp name for ca> #.req file path usually /tmp
# Sign the request as either a client or a server certificate.
# /tmp is writable by every local user, so compare the subject that sign-req displays
# with the one verified on the target server before confirming.
# NOTE(review): Easy-RSA may not copy the request's subjectAltName into the certificate
# unless told to (--copy-ext or --subject-alt-name, depending on the version) —
# inspect the issued cert to confirm the DNS names are present.
./easyrsa sign-req <client | server> <tmp name for ca>
- Finally, get your signed cert from
~/easy-rsa/pki/issued/<tmp name for ca>
(Easy-RSA names the file after the short name used at import, with a .crt extension)
and do what you want with it
Source: Digital Ocean