I'm trying to install this project: https://github.com/versatica/mediasoup-demo
It requires fullchain.pem
and privkey.pem
files. How do I generate these with openssl or something similar, on Ubuntu 20?
Though the accepted answer seems to work (partially), it's got flaws. The following gives you most of what you need for a self-signed certificate:
openssl req -new -x509 -nodes -subj "/CN=my.root" -newkey rsa:2048 -keyout ca.key -out ca.crt -reqexts v3_req -extensions v3_ca
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout domain.key -config ext.conf -out domain.csr
openssl x509 -req -in domain.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out domain.crt -days 500 -sha256 -extfile ext.conf -extensions req_ext
Sample ext.conf
:
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = some_dn
[some_dn]
C = US
ST = Florida
L = Jacksonville
O = SomeOrg
emailAddress = some@email.com
CN = thedomain.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = otherdomain.com
IP.1 = 1.2.3.4
Notes:
cp domain.key privkey.pem
& cat domain.crt ca.crt > fullchain.pem
to get the files OP has mentioned. (unlike the accepted answer, the fullchain must contain CA). -nodes
if you want the key to have a passphrase.ext.conf
, CN
is your domain & alt_names
contains its aliases (specially if your server is not yet pointed to a domain put your IP here).ca.crt
as a root CA on your client side so that your certificate is recognized.-reqexts v3_req -extensions v3_ca
ensures compatibility of CA cert with android clients. openssl genrsa > privkey.pem
openssl req -new -x509 -key privkey.pem > fullchain.pem
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.