Loading...
 

TLS Configure /etc/ssl/openssl.cnf

Add to openssl.cnf 



[ CA_default ]
x509_extensions = usr_cert              # The extentions to add to the cert
x509_extensions = v3_req

[req]
req_extensions = v3_req
[v3_req]
 #Extensions to add to a certificate request 
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 #Some CAs do not yet support subjectAltName in CSRs.
 #Instead the additional names are form entries on web
 #pages where one requests the certificate...
subjectAltName = @alt_names
[alt_names]
DNS.1 = ssl.website.com
DNS.2 = ssl.website2.com
DNS.3 = webmail.website.com