Product:
OPENSSL
Linux Centos
Problem:
How do you create an SSL (TLS) certificate request for a server that needs a certificate?
Suggested Solution:
Install openssl on your CentOS Linux with the command:
yum install openssl
Create a folder to work in:
mkdir /ibm
Go to that folder:
cd /ibm
Create a text file with a text editor, for example:
nano san.txt
Enter the following text:
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
# prompt = no: the values under [ req_distinguished_name ] are used as-is,
# so replace each description with your own value (countryName must be a 2-letter code).
prompt = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = servername
DNS.2 = servername.domain.com
DNS.3 = dnsalias.domain.com
Save the above text in the file after you have changed the values to your own server names.
Then create the private key and the certificate request with the command:
openssl req -out /ibm/request.csr -newkey rsa:2048 -nodes -keyout /ibm/privateKey.pem -config /ibm/san.txt
The above command gives a new server private key (privateKey.pem, unencrypted because of -nodes) and a certificate request (request.csr).
Check the request with command:
openssl req -text -noout -verify -in request.csr
Check the private key with command:
openssl rsa -in privateKey.pem -check
The private key should only be stored on the server where it is to be used.
Copy and paste the certificate request to your Certificate Authority to generate your certificate.
-newkey rsa:2048
This option creates a new certificate request and a new private key.
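The checks above can be combined into one pre-submission test that also confirms the private key belongs to the request and that every expected name is in subjectAltName. This is an added example, not part of the original page; the function names and the subject values (SE, servername.domain.com as commonName) are constructed for illustration, and it works in a temporary folder instead of /ibm.

```shell
#!/bin/sh
# Added example, not from the original page. Subject values are constructed.

# Write a sample config and create key + CSR in directory $1.
make_sample_csr() {
    dir=$1
    cat > "$dir/san.txt" <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = SE
commonName = servername.domain.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = servername
DNS.2 = servername.domain.com
DNS.3 = dnsalias.domain.com
EOF
    ( umask 077   # anything created here is readable by its owner only
      openssl req -out "$dir/request.csr" -newkey rsa:2048 -nodes \
          -keyout "$dir/privateKey.pem" -config "$dir/san.txt" 2>/dev/null )
}

# Print the DNS names in the CSR's subjectAltName, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p'
}

# check_csr CSR KEY NAME...  returns 0 if the CSR signature is valid,
# 1 if not, 2 if KEY does not match the CSR, 3 if a NAME is missing.
check_csr() {
    csr=$1; key=$2; shift 2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    a=$(openssl req -in "$csr" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ] || return 2
    for name in "$@"; do
        csr_sans "$csr" | grep -qxF "$name" || return 3   # exact match only
    done
}

d=$(mktemp -d) && make_sample_csr "$d" && check_csr "$d/request.csr" \
    "$d/privateKey.pem" servername dnsalias.domain.com && echo "CSR OK"
rm -rf "$d"
```

The status is taken from the "verify OK" text rather than the exit code because some openssl versions exit 0 even when the request signature fails to verify.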
More information:
https://www.openssl.org/docs/man1.1.1/man1/req.html
https://www.sslshopper.com/article-most-common-openssl-commands.html
https://geekflare.com/san-ssl-certificate/
https://www.azure365pro.com/install-and-configure-certificate-authority-in-windows-server-2016/
https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
Managing Certs with Windows Certificate Manager and PowerShell [Tutorial]