Voir : https://www.tbs-certificats.com/FAQ/fr/192.html
Génération de la clef RSA
openssl genrsa 2048 > acme.fr.key chmod 400 acme.fr.key
Ou pour générer une clef Elliptic Curve
#openssl ecparam -genkey ....
Créez la demande de certificat (CSR)
openssl req -new -key acme.fr.key > acme.fr.csr
san.cnf
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (e.g. server FQDN or YOUR name) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = acme.fr DNS.2 = www.acme.fr
openssl req -new -sha256 -nodes -out acme.fr.csr -newkey rsa:2048 -keyout acme.fr.key -config san.cnf
Voir les infos du CSR
openssl req -in acme.fr.csr -noout -text
https://raw.githubusercontent.com/openssl/openssl/master/apps/openssl.cnf