[HOWTO] Create a self-signed cert to use HTTPS with multiple CN and IP

  • I use the well-explained method described here:
    Spanish https://magmax.org/blog/creand…ntidad-certificadora-ssl/
    English https://datacenteroverlords.co…sl-certificate-authority/

    More info at: https://support.citrix.com/article/CTX227983

    But I modified some things to use SAN: https://geekflare.com/san-ssl-certificate/



    1 - Create a private key for CA

    Code
    openssl genrsa -out rootCA.key 2048



    2 - Self-sign this key for the CA

    Code
    openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem


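    You generate 3 files on root (I use WinSCP to show the files).

    These files must be saved in a safe place, and the CA certificate (rootCA.pem) imported into Firefox and Chrome as an Authority (the private key rootCA.key stays private and is not imported anywhere).

    So you now have a locally trusted, self-signed CA certificate.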



    Now it is time to create one certificate per machine, signed with the CA certificate created previously:

    First you need to copy req.cnf to root to use in the later generation steps.
    Please edit it as you need:




    As you can see, 3 alternate names are used for my NAS:
    DNS.1 = rnas.local
    DNS.2 = rnas
    IP.1 = 192.168.1.103

    These are Common Names for the same machine, used only on my LAN (on the WAN
    you would have a CN like myNAS.duckdns.org or something similar).



    Now it is time to generate your key:

    Code
    openssl genrsa -out device.key 2048


    Now it is time to generate device.csr:


    Code
    openssl req -new -key device.key -out device.csr -config req.cnf -sha256 -nodes


    The final step is to generate the certificate, signed by your own CA, with the SAN names:



    Code
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 1000 -extensions extensions -extfile req.cnf


    Then check that everything is correct:




    Code
    openssl x509 -in device.crt -text -noout





    Now it is time to load the private key on OMV to use HTTPS:
    use device.key as the private key
    and device.crt as the certificate.



    Save, go to General settings, and select the saved cert to use as the HTTPS cert.


    The last step is to wait 2 minutes before testing (because if you test too quickly a warning about time is shown).




    Now you can test several URLs (such as DNS.1, DNS.2 and IP.1 from the cnf file)



    eg: https://rnas.local



    or



    https://192.168.1.103
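
The steps above collected into one non-interactive script, as an added example that is not part of the original post; it goes one step further by also signing the same CSR without `-extfile`, to show that the alternate names are then missing from the certificate. The req.cnf body is an assumption, since the post's own file is not on the page: only the section name `extensions` and the three alt names come from the post. The `[ca_ext]` section, the `-subj` CA name, `nosan.crt` and the function names `build_certs` and `san_ok` are also assumptions.

```bash
# Added example, not the post's own script. The req.cnf body is an assumption:
# only the section name "extensions" and the three alt names are from the post.
# [ca_ext] and -subj are added so the CA step runs without prompts.
set -eu

build_certs() {   # $1 = directory to work in
  ( cd "$1"
    cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
req_extensions = extensions
prompt = no
[dn]
CN = rnas.local
[extensions]
subjectAltName = @alt_names
[alt_names]
DNS.1 = rnas.local
DNS.2 = rnas
IP.1 = 192.168.1.103
[ca_ext]
basicConstraints = critical, CA:TRUE
EOF
    openssl genrsa -out rootCA.key 2048
    openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem \
      -config req.cnf -extensions ca_ext -subj "/CN=Example LAN CA"
    openssl genrsa -out device.key 2048
    openssl req -new -key device.key -out device.csr -config req.cnf -sha256 -nodes
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
      -out device.crt -days 1000 -extensions extensions -extfile req.cnf
    # Failure mode: same CSR signed without -extfile, so the SANs are dropped.
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
      -out nosan.crt -days 1000
    chmod 600 rootCA.key device.key )
}

# Succeeds only if cert $2 in dir $1 chains to rootCA.pem and matches name/IP $3.
san_ok() {
  local flag=-verify_hostname
  case $3 in *[!0-9.]*) ;; *) flag=-verify_ip ;; esac
  openssl verify -CAfile "$1/rootCA.pem" "$flag" "$3" "$1/$2" >/dev/null 2>&1
}

workdir=$(mktemp -d)
build_certs "$workdir"
for n in rnas.local rnas 192.168.1.103; do
  san_ok "$workdir" device.crt "$n" && echo "device.crt matches $n"
  san_ok "$workdir" nosan.crt  "$n" || echo "nosan.crt does NOT match $n"
done
```

`openssl verify` may still accept `nosan.crt` for rnas.local because it falls back to the CN when no SAN is present; current browsers do not, which is why the SAN entries are needed.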
