Creating a Basic SSL Certificate

Creating a Basic Server SSL Certificate

On the Client Machine

In a secure directory, create a template file (req.conf):

touch req.conf
vim req.conf

Populate the required fields: DNS.1 (and DNS.2, DNS.3 as required) and the CN field, using the desired domain name for the certificate.

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = CA
ST = Ontario
L = Toronto
O = Weepy Tests Inc.
OU = IT
CN = ipam.weepytests.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = wt-ipam01.weepytests.com
DNS.2 = ipam.weepytests.com

Save the file, and run the following command to generate a new key and create the CSR (Certificate Signing Request) for this certificate.

openssl req -newkey rsa:2048 -nodes -keyout ipam.weepytests.com.key -out ipam.weepytests.com.req -config req.conf

Copy this CSR over to the Certificate Authority.

On the Certificate Authority

Navigate to the installation directory of the CA, then import and sign the request. After it is signed, copy the issued certificate (in this example, ipam.weepytests.com.crt) out of the /srv/weepytests_rootca/pki/issued directory and back to the client machine (the requesting machine).

cd /srv/weepytests_rootca/
./easyrsa import-req ~/ipam.weepytests.com.req ipam.weepytests.com
./easyrsa sign-req server ipam.weepytests.com

On the Client Machine

Open the certificate file and remove all the text before the beginning of the certificate itself. If required, copy the contents of the root certificate to the end of the file to form a bundle.
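
The final step above can be scripted instead of edited by hand. This is an added example, not part of the original page: the function names (pem_certs, count_certs, build_bundle) and the file names leaf.crt, ca.crt and bundle.crt are assumptions, and the demo input is constructed placeholder text rather than real certificates.

```sh
#!/bin/sh
# Added example (not from the original page): build a bundle from an
# Easy-RSA issued certificate and the root certificate.

# Print only the PEM certificate blocks found in file $1.
pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { inb = 1 }
         inb { print }
         /^-----END CERTIFICATE-----$/ { inb = 0 }' "$1"
}

# Count complete BEGIN/END certificate blocks in file $1.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { inb = 1 }
         /^-----END CERTIFICATE-----$/ && inb { n++; inb = 0 }
         END { print n + 0 }' "$1"
}

# build_bundle LEAF ROOT OUT: write the leaf certificate, then the root.
build_bundle() {
    # A bundle is sent to every client, so refuse inputs holding a key.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" "$2"; then
        echo "refusing: private key found in input" >&2; return 2
    fi
    [ "$(count_certs "$1")" -eq 1 ] || { echo "leaf: need exactly one certificate" >&2; return 1; }
    [ "$(count_certs "$2")" -ge 1 ] || { echo "root: no certificate found" >&2; return 1; }
    { pem_certs "$1"; pem_certs "$2"; } > "$3"
}

# Demo on constructed input (placeholder base64, not real certificates).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Certificate:' '    Data:' '        Version: 3 (0x2)' \
        '-----BEGIN CERTIFICATE-----' 'TEVBRi1QTEFDRUhPTERFUg==' \
        '-----END CERTIFICATE-----' > "$d/leaf.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Uk9PVC1QTEFDRUhPTERFUg==' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    build_bundle "$d/leaf.crt" "$d/ca.crt" "$d/bundle.crt" && cat "$d/bundle.crt"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

Writing to a separate output file keeps the issued certificate untouched, so the bundle can be rebuilt if the root certificate changes.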