Generate Trusted SSL Certificate with OpenSSL

From Bonus Bits
Jump to: navigation, search


This article gives the steps to generate a trusted SSL/TLS Certificate with OpenSSL and a Trusted Certificate Authority for a Web Site on Linux.


  • openssl

Example Environment

  • macOS
  • Trusted Cert Provider
  • Gitlab Nginx Example

Create CSR (Certificate Request)

Create a certificate with a Trusted Certificate Authority either internal CA or external 3rd Party Certificate Authority.

  1. Create Private Key (KEY) and Request (CSR)
    openssl req -nodes -newkey rsa:2048 -keyout -out
    1. Enter Country Name US
    2. Enter State or Province Full Name
    3. Enter City Name
    4. Enter Organization Name
    5. Enter Company Name
    6. Enter Organizational Unit Name
    7. Enter server hostname i.e. URL
    8. Enter Admin Email Address
    9. Skip Challenge Password (Hit Enter)
    10. Skip Optional Company Name (Hit Enter)


  1. openssl req -nodes -newkey rsa:2048 -keyout -out
    1. US
    2. Oregon
    3. Portland
    4. Bonus Bits
    5. Bonus Bits
    6. Web Administrators
    9. <Enter>
    10. <Enter>

Submit CSR to Trusted Provider

  1. Submit Certificate Request CSR through Trusted providers web interface.
    1. Usually you copy/paste the CSR contents into a web form

Icon-Tip-Square-Green.png Usually the Certificate Return CRT will be delivered via email as a zip file. Follow steps to deploy and configure the certificate specific to the application of system I have a few examples below under Related Articles

Related Articles