{"id":214,"date":"2019-03-15T16:56:30","date_gmt":"2019-03-15T15:56:30","guid":{"rendered":"https:\/\/leeryanrs.com\/?p=214"},"modified":"2019-03-15T16:56:30","modified_gmt":"2019-03-15T15:56:30","slug":"generating-a-csr-to-use-with-your-own-ca","status":"publish","type":"post","link":"https:\/\/leeryanrs.com\/?p=214","title":{"rendered":"Generating a CSR to use with your own CA"},"content":{"rendered":"\n

This method of generating the certificate with this CSR is useful when using for a web server, as without specifying the req_ext “SAN”, most popular browsers will display an error “ERR:certificate_common_name_invalid”<\/p>\n\n\n\n

[ req ]<\/code>
default_bits = 4096<\/code>
prompt = no <\/code>
encrypt_key = no<\/code>
default_md = sha256<\/code>
distinguished_name = dn<\/code>
req_extensions = req_ext<\/code>

[ dn ]<\/code>
CN = example.com<\/code>
emailAddress = ssl@example.com<\/code>
O = Example<\/code>
Company OU = Example Unit<\/code>
L = City<\/code>
ST = State<\/code>
C = US<\/code>
[ req_ext ]<\/code>
subjectAltName = DNS: www.example.com, DNS: mail.example.com, DNS: files.example.com<\/code> <\/pre>\n\n\n\n
 Fill in the above with relevant details and save it as yourdomain.com.conf<\/code>   Then, run OpenSSL using the below command :<\/p>\n\n\n\n
openssl req -new -config yourdomain.com.conf -keyout yourdomain.com.key -out yourdomain.com.csr <\/pre>\n\n\n\n
If you are doing this for an Apache web server, you’ll have to make sure you have the a2enmod ssl enabled and add the below to your VirtualHost configuration file
<\/p>\n\n\n\n
 SSLEngine on
 SSLCertificateFile \/home\/user\/certificates\/yourhostcert.crt
 SSLCertificateKeyFile \/home\/user\/certificates \/yourdomain.com.key
 SSLCertificateChainFile \/home\/user\/certificates\/root_combined.cer<\/pre>\n","protected":false},"excerpt":{"rendered":"
This method of generating the certificate with this CSR is useful when using for a web server, as without specifying the req_ext “SAN”, most popular browsers will display an error “ERR:certificate_common_name_invalid” [ req ]default_bits = 4096prompt = no encrypt_key = nodefault_md = sha256distinguished_name = dnreq_extensions = req_ext[ dn ]CN = example.comemailAddress = ssl@example.comO = ExampleCompany […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,5,9,16,17],"tags":[],"class_list":["post-214","post","type-post","status-publish","format-standard","hentry","category-apache","category-certificate","category-linux","category-ssl","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/leeryanrs.com\/index.php?rest_route=\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/leeryanrs.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/leeryanrs.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/leeryanrs.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/leeryanrs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=214"}],"version-history":[{"count":0,"href":"https:\/\/leeryanrs.com\/index.php?rest_route=\/wp\/v2\/posts\/214\/revisions"}],"wp:attachment":[{"href":"https:\/\/leeryanrs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/leeryanrs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/leeryanrs.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}