PKI // Playing with OpenSSL

Generating a PEM dummy certificate

host=`hostname --long`
echo $host

mkdir private/
chmod 700 private/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private/$host.key -out $host.crt
chmod 400 private/$host.key

unset host

Note. -nodes avoids the passphrase prompt.

Ref. https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04

Ordering SSL certificates

Once you sent your CSR to your SSL provider, it will respond you with those,

You will also need their root CA and intermediate certificates – if those aren’t delivered, you might find it on their website. Eventually concatenate those two,

cd /etc/httpd/ssl/
cat intermediatecert rootcert > issuer-concat-cert.crt
chmod 400 issuer-concat-cert.crt