Generate Trusted SSL Certificate with OpenSSL

From Bonus Bits
Jump to: navigation, search

Purpose

This article gives the steps to generate a trusted SSL/TLS Certificate with OpenSSL and a Trusted Certificate Authority for a Web Site on Linux.


Prerequisites

  • openssl


Example Environment

  • macOS
  • Trusted Cert Provider ssls.com
  • Gitlab Nginx Example


Create CSR (Certificate Request)

Create a certificate with a Trusted Certificate Authority either internal CA or external 3rd Party Certificate Authority.

  1. Create Private Key (KEY) and Request (CSR)
    openssl req -nodes -newkey rsa:2048 -keyout gitlab.domain.com.key -out gitlab.domain.com.csr
    
    1. Enter Country Name US
    2. Enter State or Province Full Name
    3. Enter City Name
    4. Enter Organization Name
    5. Enter Company Name
    6. Enter Organizational Unit Name
    7. Enter server hostname i.e. URL gitlab.domain.com
    8. Enter Admin Email Address
    9. Skip Challenge Password (Hit Enter)
    10. Skip Optional Company Name (Hit Enter)


Submit CSR to Trusted Provider

  1. Submit Certificate Request CSR through Trusted providers web interface.
    1. Usually you copy/paste the CSR contents into a web form

Icon-Tip-Square-Green.png Usually the Certificate Return CRT will be delivered via email as a zip file. Follow steps to deploy and configure the certificate specific to the application of system I have a few examples below under Related Articles


Related Articles


Sources