● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-12-30 09:46:57 UTC; 1h 39min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1040 (sshd)
Tasks: 7 (limit: 9386)
Memory: 14.4M
CPU: 6.844s
CGroup: /system.slice/ssh.service
├─ 1040 "sshd: /usr/sbin/sshd -D [listener] 4 of 10-100 startups"
├─31141 "sshd: [accepted]" "" "" "" ""
├─31193 "sshd: [accepted]" "" "" "" ""
├─31235 "sshd: [accepted]" "" "" "" ""
├─31236 "sshd: [net]" "" "" "" "" "" "" "" "" ""
├─31268 "sshd: [accepted]" "" "" "" ""
└─31269 "sshd: [net]" "" "" "" "" "" "" "" "" ""
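# Build a small private CA and issue one server certificate with OpenSSL.
# Each comment sits on its own line so the command below it actually runs;
# a command fused onto a '#' line is just part of the comment.
# Run this in a directory that only the operator can read: ca-key.pem can
# sign certificates for any name that clients trusting ca.pem will accept.

# 1. Generate the private key for the Certificate Authority (CA key).
#    -aes256 encrypts the key file; openssl prompts for the passphrase.
openssl genrsa -aes256 -out ca-key.pem 4096
chmod 600 ca-key.pem

# 2. Generate the self-signed root certificate (CA).
openssl req -new -x509 -sha256 -days 10000 -key ca-key.pem -out ca.pem

# Inspect the CA certificate (subject, validity, extensions).
openssl x509 -in ca.pem -text

# 3. Generate the private key for the end (server) certificate.
#    This key is written unencrypted, so restrict its file permissions.
openssl genrsa -out cert-key.pem 4096
chmod 600 cert-key.pem

# 4. Generate the certificate signing request (CSR).
#    Replace "yourcn" with the real common name. The output file is
#    cert.csr, the name step 6 reads (it was misspelled cert.scr before,
#    which made the signing step fail on a missing file).
openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr

# 5. subjectAltName configuration. Each variant overwrites extfile.cnf, so
#    keep exactly ONE active. List only the names and addresses the server
#    really answers on; a wildcard entry covers every host directly under
#    that domain.
# echo "subjectAltName=DNS:*.example.com,IP:192.168.11.202" > extfile.cnf
# echo "subjectAltName=DNS:*.example.com,DNS:example.com,IP:192.168.1.202" > extfile.cnf
echo "subjectAltName=DNS:*.example.com,DNS:example.com,DNS:www.example.com,IP:192.168.1.202" > extfile.cnf

# 6. Sign the end certificate request with the CA.
#    -CAcreateserial writes the serial-number file next to the CA cert.
#    NOTE(review): -days 10000 is kept from the original notes; a much
#    shorter lifetime for the end certificate limits exposure if
#    cert-key.pem leaks, and some clients reject very long-lived server
#    certificates.
openssl x509 -req -sha256 -days 10000 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial

# Check that the issued certificate chains to the CA before deploying it.
openssl verify -CAfile ca.pem cert.pem

# 7. Create the full chain: end certificate first, then the CA certificate.
cat cert.pem ca.pem > fullchain.pem

# 8. Deploy:
#    - copy the contents of cert-key.pem into the certificate's private-key field
#    - copy the contents of fullchain.pem into the certificate's cert field
#    ca-key.pem is never copied to the server; keep it offline where possible.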