Wayne via plug on 14 Apr 2022 15:19:11 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Trivial self-signed SAN certs for testing



I've been using this for quite a while now and it seem to work well since it accommodates the important Subject Alternative Names...

publicIP=$(curl https://ipinfo.io/ip); openssl req -x509 -newkey rsa:3072 -sha256 -nodes -utf8 -days 30 -keyout "/tmp/cert.pem" -out "/tmp/cert.pem" -subj /CN="$publicIP" -extensions san -config <(echo "[req]"; echo distinguished_name=req; echo "[san]"; echo subjectAltName=DNS:"$publicIP",URI:"$publicIP",IP:"$publicIP"; echo issuerAltName=issuer:copy; echo crlDistributionPoints=URI::)


On 4/12/22 6:24 PM, JP Vossen via plug wrote:
Trivial self-signed certs for testing, SAN = subject alternative names = multi names and IPAs, from a single small Go-lang binary.

From: https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls.html
https://github.com/minio/certgen (from
     ./certgen -org-name 'SPLAT' -host "192.168.99.144,minio-demo"

You'll get browser errors with these, but this is far easier and faster than another other solution I've seen.  Far more limited too, it does what it does and that's it.  But...handy for some things.

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug