Custom SSL certificates

Ariel Richtman edited this page Aug 31, 2024 · 9 revisions

## Prerequisites

- SmallStep CLI

## Certificate Generation

`granular-dn-leaf.tpl`

```
{
	"subject": {
		"country": {{ toJson .Insecure.User.country }},
		"organization": {{ toJson .Insecure.User.organization }},
		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
		"commonName": {{ toJson .Subject.CommonName }}
	},
	"sans": {{ toJson .SANs }},
	"extKeyUsage": ["serverAuth"],
	"basicConstraints": {
		"isCA": false
	}
}
```

`dn-defaults.json`

```json
{
  "country": "US",
  "organization": "<ORGANIZATION>",
  "organizationalUnit": "<ORG_UNIT>"
}
```

```sh
# Issue a leaf certificate valid for 2160h (90 days), signed by the root CA.
# --insecure --no-password writes router.key unencrypted.
step certificate create router router.pem router.key \
  --ca root-ca.pem --ca-key root-ca-key.pem --ca-password-file root-ca-pass.txt \
  --template granular-dn-leaf.tpl --set-file dn-defaults.json \
  --not-after 2160h --bundle \
  --insecure --no-password \
  --san <ROUTER_IP> --san <ROUTER_DNS_NAME>
```

## Certificate Installation

1. Head to WAN -> DDNS
1. Select _Import Your Own Certificate_ and upload.

## Notes

You do need the extension specifying that the certificate is not a CA (the `basicConstraints` block in the template); otherwise you get an error:
`httpd: Can't get basic constrain`.
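
A pre-upload check for the certificate generated above, as an added example that is not part of the original wiki page. It assumes `openssl` is installed; the function name `check_router_cert` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): verify the leaf before uploading.
# Usage: check_router_cert router.pem <ROUTER_DNS_NAME> <ROUTER_IP>
# Returns 0 only if the first certificate in the file carries
# basicConstraints CA:FALSE, the serverAuth EKU, and every SAN listed.
check_router_cert() {
  cert=$1; shift
  # openssl x509 reads only the first PEM block in the file
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
    echo "FAIL: cannot parse $cert" >&2; return 1; }
  rc=0
  # The extension whose absence causes the httpd error noted above
  printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:FALSE' || {
    echo "FAIL: basicConstraints CA:FALSE not present" >&2; rc=1; }
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' || {
    echo "FAIL: extKeyUsage serverAuth not present" >&2; rc=1; }
  # The SAN list is printed on the line after the extension name
  sans=$(printf '%s\n' "$text" | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
  for want in "$@"; do
    # Entries look like "DNS:name" or "IP Address:a.b.c.d" (DNS names and IPv4 only)
    case ",$(printf '%s' "$sans" | tr -d ' ')," in
      *":$want,"*) ;;
      *) echo "FAIL: SAN $want not present" >&2; rc=1 ;;
    esac
  done
  return $rc
}
```
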