Requirement:
In our development services, we often need self-signed certificates. Sometimes we need to add Subject Alternative Names (SANs) to such a certificate. Below is how we use OpenSSL to achieve it.
Solution:
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls.key -out tls.crt -config req.conf -extensions 'v3_req'
req.conf:
[req]
distinguished_name = ingress_tls_prometheus_test
x509_extensions = v3_req
prompt = no
[ingress_tls_prometheus_test]
C = US
ST = VA
L = NY
O = BAR
OU = BAR
CN = www.bar.com
[v3_req]
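# digitalSignature is needed for ECDHE and TLS 1.3 handshakes; some clients reject the certificate without it
keyUsage = digitalSignature, keyEncipherment, dataEncipherment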
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = prometheus.bar.com
DNS.2 = grafana.bar.com
DNS.3 = alertmanager.bar.com
To verify it: openssl x509 -in tls.crt -noout -text
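To check hostname coverage without reading the -text dump by eye, the following added example (not part of the original post) rebuilds the certificate from the page's subject and [alt_names] sections in a scratch directory and tests each name with openssl x509 -checkhost. The function names are made up for the example, and the keyUsage/extendedKeyUsage lines are left out because they do not affect name matching; note that www.bar.com, present only as the CN, is not matched once SAN DNS entries exist.

```shell
# Added example: which hostnames does the generated certificate really cover?

# make_cert DIR: write a copy of the page's req.conf into DIR, create tls.key/tls.crt.
make_cert() {
    cat > "$1/req.conf" <<'EOF'
[req]
distinguished_name = ingress_tls_prometheus_test
x509_extensions = v3_req
prompt = no
[ingress_tls_prometheus_test]
C = US
ST = VA
L = NY
O = BAR
OU = BAR
CN = www.bar.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = prometheus.bar.com
DNS.2 = grafana.bar.com
DNS.3 = alertmanager.bar.com
EOF
    # stderr carries only key-generation progress; the exit status still propagates
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -keyout "$1/tls.key" -out "$1/tls.crt" \
        -config "$1/req.conf" -extensions v3_req 2>/dev/null
}

# cert_covers CRT HOST: succeed only if HOST matches a name in the certificate.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# report CRT HOST...: print one OK/MISSING line per hostname.
report() {
    crt=$1; shift
    for h in "$@"; do
        if cert_covers "$crt" "$h"; then echo "OK      $h"; else echo "MISSING $h"; fi
    done
}

# Demo in a private scratch directory (mktemp -d creates it with mode 0700).
tmp=$(mktemp -d) && make_cert "$tmp" &&
    report "$tmp/tls.crt" prometheus.bar.com grafana.bar.com alertmanager.bar.com www.bar.com
rm -rf "$tmp"
```

If www.bar.com must be served with this certificate, add it as another DNS.n entry under [alt_names].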