$ openssl req -new -x509 -nodes -config ouya.tv-cert-req.cnf -out selfcert-ouya.tv.pem -keyout selfcert-ouya.tv.key -days 730
- $ openssl genrsa -out selfcert-ouya.tv.key 2048
+ $ openssl genrsa -out selfcert-ouya.tv.key 1024
$ openssl req -new -config ouya.tv-cert-req.cnf -key selfcert-ouya.tv.key -out selfcert-ouya.tv.csr
- $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730
+ $ openssl x509 -req -in selfcert-ouya.tv.csr -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -CAcreateserial -out selfcert-ouya.tv.crt -days 730 -extfile ouya.tv-cert-req.cnf
Verify CSR::
$ openssl x509 -in selfcert-ouya.tv.crt -text -noout
Then install the certificate in your web server.
+
+Note that the OUYA store application does not use SNI (Server Name Indication).
+This means that your server's *.ouya.tv must be delivered first when no
+host name is indicated by the client, thus the vhost has to be the first
+of all in the configuration.
extensions = v3_req
[req]
-default_bits = 2048
+default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
req_extensions = v3_req
prompt = no
[req_dn]
-C=US
-ST=Massachusetts
-L=Anytown
-O=OUYA
-OU=custom OUYA store
+#C=US
+#ST=Massachusetts
+#L=Anytown
+#O=OUYA
+#OU=custom OUYA store
CN=*.ouya.tv
-emailAddress=ouya+dummy@example.org
+#emailAddress=ouya+dummy@example.org
[v3_req]
-nsCertType = server
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = @alt_names
+#nsCertType = server
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#keyUsage = critical
+subjectAltName = critical,@alt_names
[alt_names]
-DNS.1 = ouya.tv
-DNS.2 = *.ouya.tv
+DNS.1 = *.ouya.tv
+DNS.2 = ouya.tv
DNS.3 = *.ouya.tv.bogo
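Review bot: `default_bits = 1024` in `[req]` halves the RSA key size for a certificate the README issues with `-days 730`, and nothing in the change records why; the same downgrade is in the README's `openssl genrsa -out selfcert-ouya.tv.key 1024` line. 1024-bit RSA is below the 2048-bit minimum that current guidance and many TLS libraries accept, so unless the OUYA client cannot handle a larger key (not visible here), I would keep `default_bits = 2048`. If the smaller key is a client limitation, state it above the setting, for example `# 1024 bits: <reason the client needs it>; do not reuse this key elsewhere`. The `[v3_req]` section also comments out `basicConstraints = CA:FALSE` and `keyUsage`, leaving only the critical `subjectAltName` on a certificate signed by the mitmproxy CA. If that was needed for the client to accept the certificate, a one-line `#` comment saying so would keep the stripped profile from being copied as a general template.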