First, set the common name (CN, ~FQDN) for the certificate:
Change to the directory where you would like to store the data relevant for certificates, e.g.:
Then create a private key:
Generate the signing Request, either:
a) interactively, you'll have to answer some questions...:
b) using a customized openssl config file:
Now you may either:
a) send the certificate request to an (official or internal) Certificate Authority to sign the Certificate
b) for testing purposes only, you can also self-sign the certificate:
When you have received signed (or self-signed) certificate, you can copy all the files to the appropriate location.
Probably you have to create a combined pkcs#12 (.p12, .pfx) file, containing private key and certificates:
Clear the shell variable for the Common Name:
CN=host.domain.tld
Change to the directory where you would like to store the data relevant for certificates, e.g.:
cd /etc/ssl
Then create a private key:
openssl genrsa -out private/${CN}.key 2048
Generate the signing Request, either:
a) interactively, you'll have to answer some questions...:
openssl req -new -key private/${CN}.key -out ${CN}.csr
b) using a customized openssl config file:
openssl req -new -config ${CN}-openssl.cnf -key private/${CN}.key -out ${CN}.csr
Now you may either:
a) send the certificate request to an (official or internal) Certificate Authority to sign the Certificate
b) for testing purposes only, you can also self-sign the certificate:
openssl x509 -req -days 1825 -in ${CN}.csr -signkey private/${CN}.key -out certs/${CN}.crt
When you have received signed (or self-signed) certificate, you can copy all the files to the appropriate location.
Probably you have to create a combined pkcs#12 (.p12, .pfx) file, containing private key and certificates:
openssl pkcs12 -export -in ${CN}.crt -certfile cafile.pem -inkey ${CN}.key -out ${CN}.pfx(where cafile.pem is the ca certificate bundle of issuing certificate authority)
Clear the shell variable for the Common Name:
CN=
add comment
( 2254 views )
| permalink
| ( 3 / 1318 )