Error EXT [Making and trusting your own certificates]

My domain is:

I ran this command (1) :
openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj ‘/CN=localhost’ -extensions EXT -config <(printf “[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth”)

It produced this output (1):
Error in req

I ran this command (2) :
openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj ‘/CN=localhost’ -extensions EXT

It produced this output (2):
Error Loading extension section EXT

The operating system my web server runs on is (include version):
Windows 10

I use that version of OpenSSL :
Win64 OpenSSL v1.1.1g

Hello everybody,

I try to create a self signed certificate but I have this issue. Even if I add an EXT section in the OpenSSL.cnf, it’s not working. Don’t know what I can do.

If someone have the anwser, thanks a lot.

1 Like

This has nothing to do with Let’s Encrypt.
You might try using a search engine.
“creating a self-signed cert with openssl”

If that doesn’t help…
Try replacing:
-subj ‘/CN=localhost’ -extensions EXT
-new -days 3650
[use any number of days that you desire and just walk through the prompts]

1 Like

Hi @JNB_Dimo

that’s a Unix command, I don’t think that works on Windows.

Looks like try and error. Check the documentation of your OpenSsl.

1 Like

Where did you find the keyword: EXT ?
Normally I use -reqexts SAN but that may not apply to your case.

1 Like

Amending the search to:
create a self-signed san cert using openssl in "windows"
I found this link:

Seems the SAN trick is to include the SAN entries in a SAN.cfg file.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.