PKI // Playing with OpenSSL

Generating a PEM dummy certificate

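# fully qualified host name, used for the file names
host=$(hostname --long)
echo "$host"

# the private key lives in a directory only the owner can enter
mkdir private/
chmod 700 private/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "private/$host.key" -out "$host.crt"
chmod 400 "private/$host.key"

unset host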

Note. -nodes avoids the passphrase prompt: the private key is written to disk unencrypted.
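A check that can follow the generation step, as an added example (not part of the original page): it confirms that the certificate and the key belong together and that the key file is closed to group and others. The function names, the -subj value (used so that openssl req does not prompt) and the example.test names are assumptions.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair produced as described above.

# make_dummy_pair DIR NAME
# Same command as on the page, plus -subj (assumption) so it runs unattended.
make_dummy_pair() {
    mkdir -p "$1/private" && chmod 700 "$1/private" &&
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" \
        -keyout "$1/private/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    chmod 400 "$1/private/$2.key"
}

# check_pair CERT KEY
# Returns 0 only if the public key in CERT equals the public half of KEY
# and KEY grants no permission to group or others.
check_pair() {
    crt=$1
    key=$2

    # Both commands print the same PEM SubjectPublicKeyInfo for a matching pair.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 1
    fi

    # The key is unencrypted (-nodes), so file permissions are its only protection.
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "key is accessible to group or others: $key" >&2; return 1 ;;
    esac
    return 0
}

# Usage, with the names from the section above:
#   check_pair "$host.crt" "private/$host.key" && echo "pair OK"
```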


Ordering SSL certificates

Once you have sent your CSR to your SSL provider, it will respond with those,

You will also need their root CA and intermediate certificates – if those aren't delivered, you may find them on their website. You can then concatenate those two,

cd /etc/httpd/ssl/
cat intermediatecert rootcert > issuer-concat-cert.crt
chmod 400 issuer-concat-cert.crt
