[root@master-b01 ~]# vi /etc/ssl/req.conf
[req]
distinguished_name = Abimayu
x509_extensions = v3_req
prompt = no
[Abimayu]
C = ID
ST = DKI Jakarta
L = Jakarta
O = PT. Abimayu Indonesia
OU = IT Operation
CN = 192.168.123.1
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.abimayu.com
DNS.2 = api.upg.apps.abimayu.comopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/abimayu-selfsigned.key -out /etc/ssl/certs/abimayu-selfsigned.crt -config /etc/ssl/req.confwill generate files :
/etc/ssl/certs/abimayu-selfsigned.crt
/etc/ssl/private/abimayu-selfsigned.key
/etc/ssl/private/abimayu-selfsigned.key
Then check for validation certificate
openssl x509 -in /etc/ssl/certs/abimayu-selfsigned.crt -text -nooutOKD web > name space > Route
- hostname : must filled
- hostname : must filled
- services : pick one
- Security route : means https
- TLS Termination : edge
- Insecure Traffic : redirect
- Certificates : filled ( with : /etc/ssl/certs/abimayu-selfsigned.crt )
- Private Key : filled ( with : /etc/ssl/private/abimayu-selfsigned.key )
then save
source :
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7
https://www.sslshopper.com/article-most-common-openssl-commands.html
No comments:
Post a Comment