How To: generate CSR, Self-signed and CA certificate

This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by Yassine Sellami

Make sure openssl is installed on your machine; if it is not, install it:

Ubuntu: apt-get install openssl
Redhat: yum install -y openssl

CSR (Certificate Signing Request)

Before you can order an SSL certificate, it is recommended that you generate a CSR from your server.

To avoid repeating the openssl commands for each domain, the script below generates the CSR and the key when given only the domain name as an argument.

This script will generate two files:

  • .csr : To be sent to the certificate provider when purchasing your SSL certificate.
  • .key : Private key used by the server to encrypt and package data for verification by clients.

$ vi csr-key-generator.sh
---
#!/usr/bin/env bash
# Usage: ./csr-key-generator.sh domain.com
DOMAIN=$1
if [ -z "$DOMAIN" ]; then
    echo "USAGE: $0 domain.com"
    exit 1
fi

# CSR attributes. The certificate provider may change some of this information (company, locality, ...) before issuing the certificate.

SUBJ="
C=MA
ST=ST
O=My Company
localityName=City
commonName=$DOMAIN
organizationalUnitName=IT
emailAddress=admin@domain.com
"

# Generate the private key, then the CSR.
# tr turns the newlines in SUBJ into the "/" separators that -subj expects.
openssl genrsa -out "$DOMAIN.key" 2048
openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$DOMAIN.key" -out "$DOMAIN.csr"

echo "done! enjoy"

Make the script executable and run it:

$ chmod +x csr-key-generator.sh
$ ./csr-key-generator.sh domain.com
output: done! enjoy
$ ls
domain.com.csr domain.com.key

CA (certificate authority)

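A CA is an entity responsible for issuing digital certificates to verify identities on the internet. The command below creates a root CA key and a self-signed root certificate; -nodes leaves rootCA.key unencrypted, so protect that file.

$ openssl req -x509 -sha256 -days 356 -nodes \
    -newkey rsa:2048 \
    -subj "/CN=root.com/C=MA/L=Locality" \
    -keyout rootCA.key -out rootCA.crt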

Self-signed certificate

Two ways:

## Use the previous CSR and key:

$ openssl x509 -req -days 365 -in domain.com.csr \
    -signkey domain.com.key -out domain.com.crt

[OR]
## Use the previous CA:

$ vi extCert.conf
---
subjectAltName = DNS:*.domain.com

$ openssl x509 -req -in domain.com.csr \
    -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
    -out demo.domain.com.crt -days 365 -sha256 \
    -extfile extCert.conf

Review the certificate

$ openssl x509 -in domain.com.crt -text -noout
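
The checks below are an added example, not part of the original post: they confirm that the key, the CSR and the certificate share one public key, that the certificate verifies against rootCA.crt, and that the expected name is in subjectAltName. The function names (pubkey_hash, check_cert, make_demo) are hypothetical, and make_demo builds constructed sample files by repeating the commands above in a scratch directory.

```bash
#!/usr/bin/env bash
# Added example: consistency checks on the files the commands above produce.

# Print a SHA-256 digest of the public key in a .key, .csr or certificate file.
pubkey_hash() {
    local pem
    case "$1" in
        *.key) pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        *.csr) pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)     pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# check_cert KEY CSR CRT CA_CRT SAN: prints "ok" and returns 0 only if all checks pass.
check_cert() {
    local key=$1 csr=$2 crt=$3 ca=$4 san=$5 k
    k=$(pubkey_hash "$key") || { echo "unreadable key"; return 1; }
    # The key, the CSR and the certificate must carry the same public key.
    [ "$k" = "$(pubkey_hash "$csr")" ] || { echo "CSR does not match key"; return 1; }
    [ "$k" = "$(pubkey_hash "$crt")" ] || { echo "certificate does not match key"; return 1; }
    # The certificate must verify against the CA certificate.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "not signed by CA"; return 1; }
    # The expected name must be an exact subjectAltName entry (clients match on SAN, not CN).
    openssl x509 -in "$crt" -noout -text | tr -d ' ' | tr ',' '\n' \
        | grep -qxF "DNS:$san" || { echo "SAN missing"; return 1; }
    echo "ok"
}

# Constructed sample data: repeat the page's commands inside directory $1.
make_demo() {
    ( set -e; cd "$1"
      openssl genrsa -out domain.com.key 2048
      openssl req -new -subj "/C=MA/CN=domain.com" -key domain.com.key -out domain.com.csr
      openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 \
          -subj "/CN=root.com/C=MA/L=Locality" -keyout rootCA.key -out rootCA.crt
      echo "subjectAltName = DNS:*.domain.com" > extCert.conf
      openssl x509 -req -in domain.com.csr -CA rootCA.crt -CAkey rootCA.key \
          -CAcreateserial -out demo.domain.com.crt -days 365 -sha256 -extfile extCert.conf
      openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key \
          -out domain.com.crt
    ) >/dev/null 2>&1
}
```

Run make_demo on an empty directory and then check_cert on the resulting files; the certificate made with -signkey is reported as "not signed by CA".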

