yidas · September 7, 2025 06:15 · Jul 11, 2022 · Jul 13, 2018 · Jul 13, 2018 · Jul 13, 2018
diff --git a/csr.conf.md b/csr.conf.md
@@ -15,6 +15,7 @@ openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl
 default_bits = 2048
 distinguished_name = dn
 prompt             = no
+req_extensions = req_ext
 
 [dn]
 C="TW"

diff --git a/csr.conf.md b/csr.conf.md
@@ -44,3 +44,9 @@ openssl req -in self-ssl.csr -text -noout
 ```
 openssl x509 -in self-ssl.crt -text -noout
 ```
+
+## Trsuted CA or CRT
+
+After building self-signed RootCA or CRT, you could install it into your browser client.
+
+If you install RootCA or parent CRT, the SAN setting in the bottom CRT could be change by server with convenience, which the installer does not need to re-install CA.
diff --git a/csr.conf.md b/csr.conf.md
@@ -6,7 +6,7 @@ openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
 openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt -extensions req_ext -extfile csr.conf
 ```
 
-> Sign from Root CA: `openssl x509 -req -days 365 -extensions req_ext -extfile csr.conf -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -in self-ssl.csr -out self-ssl.crt`
+> Sign from Root CA: `openssl x509 -req -days 365 -extensions req_ext -extfile csr.conf -CA RootCA.crt -CAkey RootCA.key -in self-ssl.csr -out self-ssl.crt`
 
 ## Configuration `csr.conf`:
 

diff --git a/csr.conf.md b/csr.conf.md
@@ -35,8 +35,12 @@ DNS.1 = *.dev.yourdomain.com
 
 > [req] is for CSR with distinguished_name setting, while [req_ext] is called for `-extensions` with creating crt with SAN(subjectAltName) setting.
 
-## Extract information from the CSR
+## Extract information from the CSR/CRT
 
 ```
 openssl req -in self-ssl.csr -text -noout
 ```
+
+```
+openssl x509 -in self-ssl.crt -text -noout
+```
diff --git a/csr.conf.md b/csr.conf.md
@@ -33,7 +33,7 @@ DNS.0 = *.yourdomain.com
 DNS.1 = *.dev.yourdomain.com
 ```
 
-> [req] & [dn] are for CSR, while [req_ext] is named for `-extensions` with creating crt. [alt_names] is for SAN(subjectAltName) setting.
+> [req] is for CSR with distinguished_name setting, while [req_ext] is called for `-extensions` with creating crt with SAN(subjectAltName) setting.
 
 ## Extract information from the CSR
 

diff --git a/csr.conf.md b/csr.conf.md
@@ -33,7 +33,7 @@ DNS.0 = *.yourdomain.com
 DNS.1 = *.dev.yourdomain.com
 ```
 
-> [req] & [dn] are for CSR, while [req_ext] is named for `-extensions` with creating crt.
+> [req] & [dn] are for CSR, while [req_ext] is named for `-extensions` with creating crt. [alt_names] is for SAN(subjectAltName) setting.
 
 ## Extract information from the CSR
 

diff --git a/csr.conf.md b/csr.conf.md
@@ -13,7 +13,6 @@ openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl
 ```
 [req]
 default_bits = 2048
-req_extensions = req_ext
 distinguished_name = dn
 prompt             = no
 
@@ -34,6 +33,8 @@ DNS.0 = *.yourdomain.com
 DNS.1 = *.dev.yourdomain.com
 ```
 
+> [req] & [dn] are for CSR, while [req_ext] is named for `-extensions` with creating crt.
+
 ## Extract information from the CSR
 
 ```

diff --git a/csr.conf.md b/csr.conf.md
@@ -6,6 +6,8 @@ openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
 openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt -extensions req_ext -extfile csr.conf
 ```
 
+> Sign from Root CA: `openssl x509 -req -days 365 -extensions req_ext -extfile csr.conf -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -in self-ssl.csr -out self-ssl.crt`
+
 ## Configuration `csr.conf`:
 
 ```

diff --git a/csr.conf.md b/csr.conf.md
@@ -3,6 +3,7 @@
 ```
 openssl genrsa -out self-ssl.key
 openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
+openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt -extensions req_ext -extfile csr.conf
 ```
 
 ## Configuration `csr.conf`:
@@ -14,7 +15,7 @@ req_extensions = req_ext
 distinguished_name = dn
 prompt             = no
 
-[ dn ]
+[dn]
 C="TW"
 ST="Taiwan"
 L="Taipei"
@@ -23,10 +24,10 @@ OU="Service"
 emailAddress="[email protected]"
 CN="yourdomain.com"
 
-[ req_ext ]
+[req_ext]
 subjectAltName = @alt_names
 
-[ alt_names ]
+[alt_names]
 DNS.0 = *.yourdomain.com
 DNS.1 = *.dev.yourdomain.com
 ```

diff --git a/csr.conf.md b/csr.conf.md
@@ -1,11 +1,11 @@
-Openssl commands:
+## Openssl commands:
 
 ```
 openssl genrsa -out self-ssl.key
 openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
 ```
 
-Configuration `csr.conf`:
+## Configuration `csr.conf`:
 
 ```
 [req]
@@ -20,13 +20,19 @@ ST="Taiwan"
 L="Taipei"
 O="YIDAS"
 OU="Service"
-CN/emailAddress="[email protected]"
-CN=yourdomain.com
+emailAddress="[email protected]"
+CN="yourdomain.com"
 
 [ req_ext ]
 subjectAltName = @alt_names
 
 [ alt_names ]
 DNS.0 = *.yourdomain.com
 DNS.1 = *.dev.yourdomain.com
-```
+```
+
+## Extract information from the CSR
+
+```
+openssl req -in self-ssl.csr -text -noout
+```
diff --git a/csr.conf.md b/csr.conf.md
@@ -1,9 +1,11 @@
+Openssl commands:
+
 ```
 openssl genrsa -out self-ssl.key
- openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
+openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
 ```
 
-`csr.conf`:
+Configuration `csr.conf`:
 
 ```
 [req]

diff --git a/csr.conf → csr.conf.md b/csr.conf → csr.conf.md
diff --git a/csr.conf b/csr.conf
@@ -0,0 +1,30 @@
+```
+openssl genrsa -out self-ssl.key
+ openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
+```
+
+`csr.conf`:
+
+```
+[req]
+default_bits = 2048
+req_extensions = req_ext
+distinguished_name = dn
+prompt             = no
+
+[ dn ]
+C="TW"
+ST="Taiwan"
+L="Taipei"
+O="YIDAS"
+OU="Service"
+CN/emailAddress="[email protected]"
+CN=yourdomain.com
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.0 = *.yourdomain.com
+DNS.1 = *.dev.yourdomain.com
+```