Create a self-signed certificate for ip address

openssl.conf:

[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = v3_ca
x509_extensions = v3_ca

[req_distinguished_name]
countryName = Country
countryName_default = GB
countryName_min = 2
countryName_max = 2
localityName = Locality
localityName_default = London
organizationName = Organization
organizationName_default = Roland Ltd.
organizationalUnitName = OU
organizationalUnitName_default = Roland-OU
commonName = CN
commonName_default = 192.168.12.122
commonName_max = 64
emailAddress = Email
emailAddress_default = postmaster@local.example
emailAddress_max = 40

[v3_ca]
extendedKeyUsage=serverAuth
subjectAltName=IP:192.168.12.122

# openssl req -newkey rsa -config openssl.conf -days 32 -x509 -out new.cert -keyout new.key

Add the option "-nodes" to avoid having to type in a password for the private key. You will need this e.g. if you use the certificate for Apache and do not want to type in the private key password every time you restart your webserver.

You also might want to add "-sha512" to make the signature algorithm use the SHA512 digest. Otherwise a reasonable default will be used. For Ubuntu 14.04 (OpenSSL 1.0.1f) the default has already been set to SHA256.

Share