A configuration file … You will first create/modify the below config file to generate a private key. The OpenSSL CONF library can be used to read configuration files. Now it’s time to configure OpenSSL. Configuring OpenSSL. Then you will create a .csr. Run OpenSSL command. New-Item -ItemType Directory -Path C:\certs. Below are the basic steps to use OpenSSL and create a TLS certificate request using a config file and a private key. The .cnf file is a plain text file which contains a section describing all the SANs that I would like included in the csr … It is used for the OpenSSL master configuration file openssl.cnf and in a few other places like SPKAC files and certificate extension files for the x509 utility. [ alt_names ] DNS.1 = www.example.com DNS.2 = example.com. The command generates the certificate (-out) and the private key (-keyout) by using the configuration file (-config). Note: alt_names section is the one you have to change for additional DNS. This tutorial will store all certificates and related files in the C:\certs folder. Generate a private key: $ openssl genrsa -out san.key 2048 && chmod 0600 san.key. # subjectAltName = @alt_names Complete example. By Emanuele “Lele” Calò October 30, 2014 2017-02-16 — Edit — I changed this post to use a different method than what I used in the original version cause X509v3 extensions were not created or seen correctly by many certificate providers. Save the file and execute the following OpenSSL command, which will generate CSR and KEY file: openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf. Now in common-field, we use www.example.com version – if SSL is for www and non-www versions of domains. Create a configuration file. This is because CSR files are digitally signed, meaning if even a single character is changed in the file it will be rejected by the CA.
This will create sslcert.csr and … OpenSSL CSR with Alternative Names one-line. Change alt_names appropriately. If more SAN names are needed, add more DNS lines in the [alt_names] section. .ec.key -config domain >.ec.conf -out domain >.ec.csr Hopefully that all makes sense. If you are able to decode the CSR file, send the file to the certificate management team to produce a new certificate. Here is a complete example ssl.cnf file. Note: I couldn’t find out whether we need to add domain used in common-name field again here. Now you have your OpenSSL config file ready. OpenSSL applications can also use the CONF library for their own purposes. Sending the CSR to the CA When you are ready to send the CSR to the CA (e.g., DigiCert), you need to do so using the PEM format—the raw, encoded text of the CSR that you … So I added it again here. I was able to obtain the ssl certificate using this command from an Ubuntu 14.04 machine: openssl s_client -connect MyIP:443 -ssl3 -cipher RC4-SHA:RC4-MD5 Nginx config i … My normal certificate creation process is to generate an openssl.cnf file, then using this file generate a csr (certificate signing request), and then generate a certificate from the csr using my own CA. You can create a folder with PowerShell by running the below command. This CSR is the file you will submit to a certificate authority to get back the public cert. After setting up nginx config file everything worked perfectly. "openssl.exe" x509 -req -days 730 -in request.req -CA ca.crt -CAkey ca.key -set_serial 02 -extensions req_ext … By default, OpenSSL on Windows 10 does not come with a configuration file. The “-nodes” parameter avoids setting a password to the private key.
$ cat << EOL > san.conf [ req ] default_bits = 2048 default_keyfile = san.key #name of the keyfile distinguished_name = req_distinguished_name req_extensions = req_ext …