danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
I'm wanting to update my Nextcloud jail script to give the option of creating a self-signed certificate, for users who can't or don't want to obtain a Let's Encrypt cert. I envision this also being useful for those who want to provide their own cert, so the SSL configuration is in place in the jail, and all they have to do is plug in the new cert/key without worrying about Let's Encrypt/acme.sh overwriting them.
I've found this page, which gives a convenient way to non-interactively generate the cert:
It generates a new key and cert with the specified subject, and requires no user input. Great. Only problem is that it doesn't include a SubjectAltName extension, which is pretty much required any more. Is the only way to specify that to use a separate openssl.cnf file?
Edit: I recall @zoomzoom doing some messing around with openssl.cnf files...
I've found this page, which gives a convenient way to non-interactively generate the cert:
Code:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \ -keyout www.example.com.key -out www.example.com.cert
It generates a new key and cert with the specified subject, and requires no user input. Great. Only problem is that it doesn't include a SubjectAltName extension, which is pretty much required any more. Is the only way to specify that to use a separate openssl.cnf file?
Edit: I recall @zoomzoom doing some messing around with openssl.cnf files...
Last edited: