Создаем файл конфига
touch config.cnfДалее вносим в него конфиг следующего характера
[ req ]
default_bits = 2048
default_keyfile = server.key
distinguished_name = req_distinguished_name
req_extensions = extensions
x509_extensions = extensions
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = RU
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MSK
localityName = Locality Name (eg, city)
localityName_default = Moskow
organizationName = Organization Name (eg, company)
organizationName_default = Zhilich, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = zhilich.ru
emailAddress = Email Address
emailAddress_default = admin@zhilich.ru
[ extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = zhilich.ru
DNS.2 = br.zhilich.ruПосле чего спокойной и не торопясь выполняем команду:
openssl req -config openssl.cnf -new -x509 -newkey rsa:2048 -nodes -keyout server.key -days 3650 -out server.crtПрописываем наш сертификат в конфиге Apache или Nginx и наслаждаемся жизнью