Настройка многодоменного самоподписанного SSL-сертификата

Thank you for reading this post, don't forget to subscribe!

чтобы не генерить корневой сертификат потом делать запрос и подписывать запрос корневым, можно сделать следующее:

cat mysite.cnf

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = &lt;Country&gt;
ST = &lt;Province&gt;
L = &lt;City&gt;
O = &lt;Organisation&gt;
CN = &lt;Primary Domain&gt;

[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names

[alt_names]
DNS.1 = &lt;Primary Domain&gt;
DNS.2 = &lt;2nd Domain&gt;
DNS.3 = &lt;3rd Domain&gt;
DNS.4 = &lt;4th Domain&gt;
## on so on, and so forth.

[req]

distinguished_name = req_distinguished_name

x509_extensions = v3_req

prompt = no

[req_distinguished_name]

C = <Country>

ST = <Province>

L = <City>

O = <Organisation>

CN = <Primary Domain>

[v3_req]

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid,issuer

basicConstraints = CA:TRUE

subjectAltName = @alt_names

[alt_names]

DNS.1 = <Primary Domain>

DNS.2 = <2nd Domain>

DNS.3 = <3rd Domain>

DNS.4 = <4th Domain>

## on so on, and so forth.

openssl genrsa -out mysite.key 3072 -nodes
openssl req -new -x509 -key mysite.key -sha256 -config mysite.cnf -out mysite.crt -days 730

иии по сути всё. мы получаем наш key и crt

https://github.com/midnight47/

Пн	Вт	Ср	Чт	Пт	Сб	Вс
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30