$ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
- $ openssl genrsa -out selfcert-ouya.tv.key 2048
+ $ openssl genrsa -out selfcert-ouya.tv.key 1024
$ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
- $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730
+ $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730 -extfile ouya.tv-cert-req.cnf
Verify CSR::
$ openssl x509 -in selfcert-ouya.tv.crt -text -noout
Then install the certificate in your web server.
+
+Note that the OUYA store application does not use SNI (Server Name Indication).
+This means that your server's *.ouya.tv must be delivered first when no
+host name is indicated by the client, thus the vhost has to be the first
+of all in the configuration.
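
Review bot: The genrsa line lowers the key size from 2048 to 1024 bits, and nothing in the added text says why. If the OUYA client cannot handle a larger key, say so next to the command. Otherwise keep 2048, since 1024-bit RSA is below current minimum recommendations and readers will copy this command as written. On the signing line, -extfile ouya.tv-cert-req.cnf is passed without -extensions, so openssl x509 only picks up extensions from the file's default section or from a section named by an "extensions" variable there. If the SAN entries live in a named request section, add -extensions with that section name and confirm they show up in the -text output. In the new note, "your server's *.ouya.tv must be delivered first" is missing its noun (certificate), and the unchanged "Verify CSR::" label sits above a command that inspects the signed .crt.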