Browse Source
fix in one-liners (csr from existing cert)
- signed-off-by: trimstray <trimstray@gmail.com>pull/135/head
trimstray
4 years ago
1 changed files with 4 additions and 2 deletions
Unified View
Diff Options
-
+4 -2README.md
+ 4
- 2
README.md
View File
| @@ -2501,6 +2501,8 @@ openssl req -out ${_fd_csr} -new -key ${_fd} ) | |||||
| ###### Generate CSR (metadata from existing certificate) | ###### Generate CSR (metadata from existing certificate) | ||||
| > Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. | |||||
| ```bash | ```bash | ||||
| ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ | ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ | ||||
| openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) | openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) | ||||
| @@ -2512,7 +2514,7 @@ openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) | |||||
| ( _fd="private.key" ; _fd_csr="request.csr" ; \ | ( _fd="private.key" ; _fd_csr="request.csr" ; \ | ||||
| openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ | openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ | ||||
| -config <( | -config <( | ||||
| cat <<-EOF | |||||
| cat << __EOF__ | |||||
| [req] | [req] | ||||
| default_bits = 2048 | default_bits = 2048 | ||||
| default_md = sha256 | default_md = sha256 | ||||
| @@ -2535,7 +2537,7 @@ subjectAltName = @alt_names | |||||
| DNS.1 = <fully qualified domain name> | DNS.1 = <fully qualified domain name> | ||||
| DNS.2 = <next domain> | DNS.2 = <next domain> | ||||
| DNS.3 = <next domain> | DNS.3 = <next domain> | ||||
| EOF | |||||
| __EOF__ | |||||
| )) | )) | ||||
| ``` | ``` | ||||