Configure certificates#

Create a private key and self-signed certificate#

  1. Create a server.conf configuration file, setting subjectAltName as appropriate, for example:

    [req]
    prompt = no
    x509_extensions = v3_ca
    distinguished_name = req_distinguished_name
    
    [req_distinguished_name]
    C = US
    ST = DC
    L = Washington
    O = Open Contracting Partnership
    CN = open-contracting.org
    emailAddress = sysadmin@open-contracting.org
    
    [v3_ca]
    subjectAltName = DNS:xyz.open-contracting.org
    
  2. Create a private key and self-signed certificate.

    openssl req -nodes -x509 -days 3650 -out server.crt -newkey rsa:2048 -keyout server.key -config server.conf
    
  3. Check the certificate.

    openssl x509 -in server.crt -noout -text
    

Reference: