This content originally appeared on DEV Community and was authored by manish srivastava
"To be concise, here is how to generate an individual self signed SAN certificate with IP addresses. Expand the IP list to include your entire subnet and use one cert for everything."
As said by https://stackoverflow.com/users/3421482/josiah-dewitt
#!/bin/bash
#using: OpenSSL 1.1.1c FIPS 28 May 2019 / CentOS Linux release 8.2.2004
C=US ; ST=Confusion ; L=Anywhere ; O=Private\ Subnet ; EMAIL=admin@company.com
BITS=2048
CN=RFC1918
DOM=company.com
SUBJ="/C=$C/ST=$ST/L=$L/O=$O/CN=$CN.$DOM"
openssl genrsa -out ip.key $BITS
SAN='\n[SAN]\nsubjectAltName=IP:192.168.1.0,IP:192.168.1.1,IP:192.168.1.2,IP:192.168.1.3,IP:192.168.1.4,IP:192.168.1.5,IP:192.168.1.6,IP:192.168.1.7,IP:192.168.1.8,IP:192.168.1.9,IP:192.168.1.10'
cp /etc/pki/tls/openssl.cnf /tmp/openssl.cnf
echo -e "$SAN" >> /tmp/openssl.cnf
openssl req -subj "$SUBJ" -new -x509 -days 10950 \
-key ip.key -out ip.crt -batch \
-set_serial 168933982 \
-config /tmp/openssl.cnf \
-extensions SAN
openssl x509 -in ip.crt -noout -text
$DOM is Domain (Incase you need)
Refer to https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name#:~:text=An%20SSL%20certificate%20is%20typically,Certificate%20Signing%20Request%20(CSR).
THE END
This content originally appeared on DEV Community and was authored by manish srivastava
manish srivastava | Sciencx (2021-05-28T19:21:38+00:00) Is it possible to have ssl certificate for ip address not domain name? Answer is YES :). Retrieved from https://www.scien.cx/2021/05/28/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name-answer-is-yes/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.