Adding extension to a self-signed x509 certificate and signing a CSR with extensions (basic constraint CA:True/False, key usage, extended key usage, SAN etc.) Generating self-signed x509 certificate with extensions(basic constraint, key usage, extended key usage, SAN) : > openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out certificate.pem -days 1000 -addext "keyUsage = digitalSignature, keyEncipherment, keyCertSign" -addext "extendedKeyUsage = serverAuth" -addext basicConstraints=critical,CA:FALSE -addext "subjectAltName = DNS:tgclean.cisco.com, IP:10.106.72.231" Generating CSR with extensions (basic constraint, key usage, extended key usage, SAN): >openssl.exe req -x509 -out signing.csr -new -newkey rsa:2048 -nodes -keyout signing.key -addext "keyUsage = digitalSignature, keyEncipherment, keyCertSign" -addext "extendedKeyUsage = serverAuth" -addext basicConstraints=critical,CA:FALSE -addext "subjectAltName =...
