Instructions and examples for commonly used OpenSSL functions.
Author: Brett Verney
Version: v0.2 | 28-09-2022
- OpenSSL software
- Organisation details
- Server FQDN details
1.) Open the file openssl.cnf with a text editor
2.) Replace the example values with real information and save (see req_ext_examples.txt)
3.) Using a CLI terminal run the command:
openssl req -new -out server.csr -newkey rsa:2048 -nodes -sha256 -keyout private.key -config openssl.cnf
4.) Verify the contents of the CSR with the following command:
openssl req -in server.csr -noout -text
5.) Save private key in a password safe application
6.) Submit CSR to CA to sign
7.) Import CA signed certificate, any root and/or imtermediate certificates, and private key to servers
8.) Optionally combine the signed certificate with the private key to PKCS12 format with the following command:
openssl pkcs12 -export -out server.p12 -in server.cer -inkey private.key -passin pass:secure_password -passout pass:secure_password