Generating a PEM dummy certificate

host=`hostname --long`
echo $host

mkdir private/
chmod 700 private/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private/$host.key -out $host.crt
chmod 400 private/$host.key

unset host

Note. -nodes avoids the passphrase prompt.


Ordering SSL certificates

Once you sent your CSR to your SSL provider, it will respond you with those,

  • the PEM certificate (possibly as .crt)
  • the private key with or without passphrase (possibly as .key)

You will also need their root CA and intermediate certificates -- if those aren't delivered, you might find it on their website. Eventually concatenate those two,

cd /etc/httpd/ssl/
cat intermediatecert rootcert > issuer-concat-cert.crt
chmod 400 issuer-concat-cert.crt