Self-signed root cert with multidomain cert & SHA-256
---
Prep by creating dirs
mkdir -p /Users/user/Documents/multidomain/root_cert/private/
mkdir -p /Users/user/Documents/multidomain/star_devwest_foobar_com/
Root Certs
Create Root Key
user@greenscar root_cert $ openssl req \
    -x509 \
    -new \
    -nodes \
    -days 3650 \
    -newkey rsa:2048 \
    -sha256 \
    -subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
    -keyout /Users/user/Documents/multidomain/root_cert/private/root_ca.key
Create Self Signed Root Cert
openssl req \
    -x509 \
    -sha256 \
    -new \
    -nodes \
    -days 3650 \
    -key /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
    -subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
    -out /Users/user/Documents/multidomain/root_cert/root_ca.crt
————————————————
Per environment certs
CD to cert dir
user@greenscar star_devwest_foobar_com $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com
Create Private Key
openssl genrsa \
    -out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
    2048
Generate CSR
user@greenscar SHA-256 $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com
openssl req -new \
    -config /Users/user/Documents/multidomain/foobar.com.cnf \
    -key /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
    -sha256 \
    -out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
    -subj "/C=US/ST=California/L=San\ Jose/O=FooBar\ Inc./CN=devwest.foobar.com"
Create a file listing all domains you want supported
echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com">cert_extensions
Check out our new CSR
openssl req -text -noout -in star_devwest_foobar_com.csr
Sign cert via self signed root cert
openssl x509 -req \
    -in /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
    -CA /Users/user/Documents/multidomain/root_cert/root_ca.crt \
    -CAkey /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
    -CAcreateserial \
    -sha256 \
    -extfile cert_extensions \
    -out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.crt \
    -days 3650
Upload Cert
user@greenscar star_devwest_foobar_com $ aws iam delete-server-certificate --server-certificate-name star_devwest_foobar_com
user@greenscar star_devwest_foobar_com $ aws iam upload-server-certificate --server-certificate-name star_devwest_foobar_com --certificate-body file://star_devwest_foobar_com.crt --private-key file://star_devwest_foobar_com.key
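Pre-upload check for the signed cert (an added example, not part of the original notes): it confirms the cert chains to the root, is signed with SHA-256, matches its private key, and carries every expected SAN as an exact entry. The names check_cert and make_demo are hypothetical; make_demo builds throwaway, constructed certs the same way as the steps above, plus one signed without -extfile that ends up with no SAN.

```bash
#!/usr/bin/env bash
# Added example: check_cert and make_demo are hypothetical helper names.
# Usage: check_cert ROOT_CRT LEAF_CRT LEAF_KEY EXPECTED_SAN...
check_cert() {
  local ca="$1" crt="$2" key="$3" text sans san
  shift 3
  text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null) || { echo "FAIL: unreadable cert"; return 1; }
  # 1. The leaf must chain to the self-signed root.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "FAIL: chain"; return 1; }
  # 2. The signature must be SHA-256 (what -sha256 requested at signing time).
  printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
    { echo "FAIL: signature algorithm"; return 1; }
  # 3. The private key must belong to the certificate.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: key mismatch"; return 1; }
  # 4. Every expected name must be an exact SAN entry (no substring matches).
  sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' ' | tr ',' '\n')
  for san in "$@"; do
    printf '%s\n' "$sans" | grep -qxF "DNS:$san" || { echo "FAIL: missing SAN $san"; return 1; }
  done
  echo "OK"
}

# Build throwaway certs in directory $1 (constructed sample data, 1-day validity).
make_demo() {
  local d="$1"
  openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 1 \
    -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -sha256 \
    -subj "/CN=devwest.foobar.com" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com" > "$d/cert_extensions"
  # Signed with -extfile, as in the signing step above: SANs are present.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -sha256 -days 1 -extfile "$d/cert_extensions" -out "$d/good.crt" 2>/dev/null
  # Signed without -extfile: the certificate has no SAN and must be rejected.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -sha256 -days 1 -out "$d/nosan.crt" 2>/dev/null
}

# Stand-alone use: ./check_cert.sh root_ca.crt leaf.crt leaf.key name [name...]
if [ "$#" -ge 4 ]; then check_cert "$@"; fi
```

Quote wildcard names when calling it, for example '*.devwest.foobar.com', so the shell does not expand them.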