Creating a key and CSR for our VMware vCenter Server Appliance (VCSA), vcenter-80.nono.io:
CN=vcenter-80.nono.io
openssl genrsa -out $CN.key 3072
openssl req \
-new \
-key $CN.key \
-out $CN.csr \
-sha256 \
-subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=/CN=${CN}/[email protected]" \
-config <(cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${CN}
EOF
)nsx.nono.io:
export CN=nsx.nono.io
openssl ecparam -name P-256 -genkey -out ${CN}.key
openssl req \
-new \
-key ${CN}.key \
-out ${CN}.csr \
-sha256 \
-nodes \
-subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=/CN=${CN}/[email protected]" \
-config <(cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${CN}
EOF
)Wildcard:
CN=\*.nono.io
openssl ecparam -name secp384r1 -genkey -out $CN.key
openssl req \
-new \
-key $CN.key \
-out $CN.csr \
-sha256 \
-nodes \
-subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=/CN=${CN}/[email protected]" \
-config <(cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${CN##\*.}
DNS.2 = ${CN}
EOF
)CN=\*.nono.io
openssl ecparam -name secp384r1 -genkey -out $CN.key
openssl req \
-new \
-key $CN.key \
-out $CN.csr \
-sha256 \
-nodes \
-subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=/CN=${CN}/[email protected]" \
-config <(cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${CN##\*.}
DNS.2 = ${CN}
EOF
)