Fields shown with a `*.` prefix or a `.*` suffix can take multiple values: add one line per value, incrementing the number each time.

req_distinguished_name:

| Name | Description |
|---|---|
| `countryName` | Country name (2 letter code) |
| `stateOrProvinceName` | State or province name |
| `localityName` | Locality name (eg, city) |
| `*.organizationName` | Organization Name |
| `organizationalUnitName` | Organizational Unit Name (eg, section) |
| `commonName` | Common Name (eg, DNS domain name) |
| `emailAddress` | Email address |

The value of commonName must also be added to alt_names to actually be used.

alt_names:

| Name | Description |
|---|---|
| `DNS.*` | DNS domain name |
| `email.*` | Email address |

In the configuration file for generating a CA, only the fields under req_distinguished_name need to be changed.

In the configuration file for generating a certificate used by a TLS server, only the fields under req_distinguished_name and alt_names need to be changed.
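
A pre-flight check for the commonName rule above, as an added example that is not part of the project's scripts: it reads a config, collects numbered multi-value entries, and fails if commonName is not repeated as a `DNS.*` entry under alt_names. The helper names, the sample values and the assumption that values are written directly under each section (a `prompt = no` style config) belong to this example, not to the project.

```shell
#!/bin/sh
# Added example (not from the project). Assumes values are written directly
# under each section, i.e. a prompt = no style config.

# Print the value of every key matching regex $3 in section $2 of file $1.
cnf_values() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*\[/ {                          # header such as "[ alt_names ]"
            name = $0
            sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
            in_section = (name == section); next
        }
        in_section && /=/ {
            line = $0; sub(/[ \t]*#.*$/, "", line)    # drop comments
            k = line; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
            v = line; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k ~ key) print v
        }' "$1"
}

# Succeed only if commonName is also listed as a DNS.* entry in alt_names.
cn_in_alt_names() {
    cn=$(cnf_values "$1" req_distinguished_name '^commonName$')
    [ -n "$cn" ] || { echo "$1: no commonName set" >&2; return 1; }
    cnf_values "$1" alt_names '^DNS[.][0-9]+$' | grep -qixF -- "$cn" && return 0
    echo "$1: commonName '$cn' is missing from alt_names" >&2
    return 1
}

# Constructed sample config; all values are placeholders.
sample_cnf() {
    cat <<'EOF'
[ req_distinguished_name ]
countryName        = US
0.organizationName = Example Org
1.organizationName = Example Subsidiary
commonName         = www.example.com

[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com
EOF
}

tmp=$(mktemp) && sample_cnf > "$tmp"
cn_in_alt_names "$tmp" && echo "ok: commonName is covered by alt_names"
rm -f "$tmp"
```
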

```
Usage: create-ca.sh [OPTION]...
Create a CA certificate.
Example: create-ca.sh -a $(date --date='300 days' +%Y%m%d%H%M%SZ) -f

  -a set not after date
  -b set not before date
  -f recreate if the CA already exists
  -h display this help text and exit
  -n select ec curve name (list available via `openssl ecparam -list_curves`)
```

```
Usage: create-cert.sh [OPTION]...
Create a certificate, signed by your own CA.
Example: create-cert.sh -a $(date --date='30 days' +%Y%m%d%H%M%SZ) -f

  -a set not after date
  -b set not before date
  -d set target domain (need config file named as `openssl-$DOMAIN.cnf`)
  -f recreate private key instead of renew using old private key
  -h display this help text and exit
  -n select ec curve name (list available via `openssl ecparam -list_curves`)
```