Generate Certificate Signing Request (CSR)
Let's assume we are creating an SSL certificate for www.techish.com. Create the server configuration file, e.g. ~/myCA/www_techish_com.cnf, with your favorite text editor. Add this example content:
#
# www_techish_com.cnf
#
[ req ]
prompt                 = no
distinguished_name     = server_distinguished_name

[ server_distinguished_name ]
commonName             = www.techish.com
stateOrProvinceName    = Melbourne
countryName            = AU
emailAddress           = ishtiaq@techish.com
organizationName       = TECHISH
organizationalUnitName = Qualityunits
Be sure to change the values under server_distinguished_name, especially the commonName value. The commonName value must match the host name, or CNAME, of the host you wish to use the key for. If the commonName does not match the intended hostname, clients attempting to access the server will report host / certificate mismatch errors.
Once you've edited the file appropriately, save it and run the following command to set the environment variable OPENSSL_CONF, which forces the openssl tool to look for a configuration file in an alternative location:
export OPENSSL_CONF=~/myCA/www_techish_com.cnf
To generate a certificate and have it signed by a recognized Certificate Authority (CA), follow these instructions to generate the CSR, which you need to give to your service provider (e.g. GoDaddy) so that they can provide you with an SSL certificate.
Enter the following command to generate the private key, and certificate request:
openssl req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
Verify the signature with this command:
openssl req -in myreq.pem -noout -verify -key mykey.pem
and verify the information with this command:
openssl req -in myreq.pem -noout -text
Paste the content of the certificate request file into the CA's signup form, and await the certificate.
root@techish.com:~/myCA# cat myreq.pem
Also, you should safeguard the key file (mykey.pem), as it will be required to use the certificate you receive from the CA:
cp mykey.pem /etc/ssl/private/www_techish_com.key
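The steps above can be combined into one pre-submission check. The script below is an added example, not part of the original article: it generates a request the same way, then confirms the signature, that the request belongs to the private key, that the commonName is the intended hostname, and that the key file is owner-only. The hostname www.example.test, the function names and the req.cnf file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate a CSR as in the steps above, then check it before
# submitting it to a CA. Hostname and file names are constructed samples.

# make_csr DIR HOST: write req.cnf, mykey.pem and myreq.pem into DIR.
make_csr() {
    cat > "$1/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
[ dn ]
commonName         = $2
countryName        = AU
organizationName   = Example Org
EOF
    OPENSSL_CONF="$1/req.cnf" openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/mykey.pem" -out "$1/myreq.pem" 2>/dev/null &&
        chmod 600 "$1/mykey.pem"   # -nodes key is unencrypted: owner-only
}

# csr_cn CSR: print the commonName from the request's subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# check_csr CSR KEY HOST: return 0 only if every check passes.
check_csr() {
    # 1. Self-signature must verify. Match the message, since some
    #    openssl builds exit 0 even when verification fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature"; return 1; }
    # 2. The CSR must carry the public half of this private key.
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ] ||
        { echo "FAIL: key does not match CSR"; return 1; }
    # 3. commonName must equal the hostname clients will connect to.
    [ "$(csr_cn "$1")" = "$3" ] ||
        { echo "FAIL: commonName is '$(csr_cn "$1")', want '$3'"; return 1; }
    # 4. The key file must grant nothing to group or others.
    [ "$(ls -l "$2" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key file permissions too open"; return 1; }
    echo "OK: $1 is ready to submit"
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_csr "$demo" www.example.test &&
    check_csr "$demo/myreq.pem" "$demo/mykey.pem" www.example.test
rm -rf "$demo"
```
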