Category: certificate

Generating a CSR to use with your own CA

Generating the certificate from a CSR built this way is useful for a web server: unless the req_ext section supplies a subjectAltName (“SAN”), most popular browsers will display the error “ERR:certificate_common_name_invalid”.

[ req ]
default_bits = 4096
prompt = no
# encrypt_key = no writes the private key to disk without a passphrase
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext

[ dn ]
CN = example.com
# placeholder address
emailAddress = admin@example.com
O = Example Company
OU = Example Unit
L = City
ST = State
C = US

[ req_ext ]
# Browsers match host names against this list only, not against the CN
subjectAltName = DNS:www.example.com, DNS:mail.example.com, DNS:files.example.com

Fill in the above with the relevant details and save it as yourdomain.com.conf. Then run OpenSSL using the command below:

openssl req -new -config yourdomain.com.conf -keyout yourdomain.com.key -out yourdomain.com.csr 

If you are doing this for an Apache web server, make sure the ssl module is enabled (a2enmod ssl) and add the lines below to your VirtualHost configuration file:

SSLEngine on
SSLCertificateFile /home/user/certificates/yourhostcert.crt
SSLCertificateKeyFile /home/user/certificates/yourdomain.com.key
SSLCertificateChainFile /home/user/certificates/root_combined.cer
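
The CSR above carries the SAN list, but signing it with your own CA through openssl x509 -req does not copy CSR extensions unless they are supplied again. The script below is an added example, not part of the original post; the throwaway CA, the file names and the 2048-bit key size are assumptions chosen for a quick demo. It builds the CSR from the same config layout, signs it both ways and compares the SAN lists.

```shell
#!/bin/sh
# Added example: does the SAN list survive from CSR to issued certificate?
# The throwaway CA, file names and 2048-bit keys are constructed for the demo.

# Print the DNS names in the SAN extension of a CSR (req) or certificate (x509).
san_list() {  # usage: san_list req|x509 FILE
  openssl "$1" -in "$2" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 |
    tr ',' '\n' | sed -e 's/^ *//' -e 's/^DNS://' | sort
}

make_demo() (  # usage: make_demo DIR; subshell body keeps the cd local
  cd "$1" || exit 1
  cat > site.conf <<'EOF'
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = example.com
[ req_ext ]
subjectAltName = DNS:www.example.com, DNS:mail.example.com, DNS:files.example.com
EOF
  # Same command as on the page: new key plus CSR from the config.
  openssl req -new -config site.conf -keyout site.key -out site.csr || exit 1
  # Throwaway CA; -subj overrides the [ dn ] section.
  openssl req -x509 -new -config site.conf -subj '/CN=Demo Root CA' \
    -days 30 -keyout ca.key -out ca.crt || exit 1
  # Signed without an extension file: the CSR's SAN is not copied.
  openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -out bad.crt || exit 1
  # Signed with [ req_ext ] re-read from the config: the SAN is issued.
  openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -extfile site.conf -extensions req_ext -out good.crt || exit 1
)

d=$(mktemp -d) && make_demo "$d" 2>/dev/null && {
  echo "CSR:            $(san_list req  "$d/site.csr" | tr '\n' ' ')"
  echo "no -extfile:    $(san_list x509 "$d/bad.crt"  | tr '\n' ' ')"
  echo "with -extfile:  $(san_list x509 "$d/good.crt" | tr '\n' ' ')"
}
```

OpenSSL 3.0 and later can instead pass -copy_extensions copy to openssl x509 -req. Use that only for CSRs whose extensions you have reviewed, since it copies whatever the requester asked for.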

Certificate Signing Request

When you deploy a new Linux machine for a new domain and intend to run LAMP services on it, you will most likely need an SSL certificate. The command below can be run from any directory; it creates the CSR and the private key that will go with the eventual certificate.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Once you have run the command, you will be prompted for information such as company name, admin email, department and, finally, a password. Use a password with no spaces and keep it “simple”: letters and numbers only. Once this is completed, the two files will be created in your working directory. Because of the -nodes option, yourdomain.key is written unencrypted, so restrict who can read it.

Run the command below to print the CSR to your terminal, where you can copy it:

cat yourdomain.csr

Upload the contents of the CSR file to your chosen SSL certificate authority and download your certificate.