Selbst signiertes Zertifikat (multiple SAN) mit openssl (Windows) erzeugen
OpenSSL Windows 64bit: https://slproweb.com/products/Win32OpenSSL.html
"c:\Program Files\OpenSSL-Win64\bin\openssl" req -x509 -newkey rsa:4096 -sha256 -keyout c:\PFAD\SelfCert\openssl.key -out c:\PFAD\SelfCert\openssl.crt -days 3650 -config c:\PFAD\SelfCert\certs.cnf
"c:\Program Files\OpenSSL-Win64\bin\openssl" pkcs12 -export -name "commonname" -out c:\PFAD\SelfCert\openssl.pfx -inkey c:\PFAD\SelfCert\openssl.key -in c:\PFAD\SelfCert\openssl.crt
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = countrycode
ST = state
L = locality
O = company
OU = IT
CN = ServerURL
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = commonname1
DNS.2 = commonname2
Erklärung:
CN: CommonNameOU: OrganizationalUnitO: OrganizationL: LocalityS: StateOrProvinceNameC: CountryName
https://medium.com/the-new-control-plane/generating-self-signed-certificates-on-windows-7812a600c2d8
As far as multiple SAN are concerned, OpenSSL currently doesn’t support a way of doing this via the command line.