Introduction
This article provides the steps to generate a CSR and private key for SSL certificates.
Steps to generate
To generate a CSR, the OpenSSL tool needs to be installed first.
sudo yum install openssl
Verify that OpenSSL is correctly installed.
openssl version -a
Run the following command to generate the CSR and private key
openssl req -new -newkey rsa:2048 -nodes -keyout jetpatch.key -out jetpatch.csr -subj "/CN=jetpatch.local"
The files jetpatch.key and jetpatch.csr will be created in the directory where you ran the command
To obtain a third-party SSL certificate, share the .csr file with the certificate renewal team
Once you receive the .crt, place the file and .key in path
For Self-Signed certificate
Create an OpenSSL configuration file (openssl.cnf) with the Basic Constraints in the same path
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[ req_distinguished_name ]
CN = jetpatch.local
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = jetpatch.local
DNS.2 = www.jetpatch.com
Using the .csr and key from the above steps, create the self-signed certificate with the command below
openssl x509 -req -in jetpatch.csr -signkey jetpatch.key -out jetpatch.crt -days 365 -extfile openssl.cnf -extensions v3_req
Copy the newly created jetpatch.key and jetpatch.crt to /etc/nginx/intigua-sslcert/ and set the required permissions
cp jetpatch.key jetpatch.crt /etc/nginx/intigua-sslcert/
Edit intigua.nginx.conf in /etc/nginx/conf/ and change the following lines to
ssl_certificate /etc/nginx/intigua-sslcert/jetpatch.crt;
ssl_certificate_key /etc/nginx/intigua-sslcert/jetpatch.key;
Restart Nginx
systemctl restart nginx
Since this is a self-signed certificate and the user wants to access the JetPatch application from their local computer, you need to create a .pfx file that contains the certificate and private key. Once created, the .pfx file can be imported into the Windows MMC (Microsoft Management Console) to enable a valid SSL/TLS handshake.
Command to generate the .pfx file (this prompts for a password)
openssl pkcs12 -export -out jetpatch.pfx -inkey jetpatch.key -in jetpatch.crt
Once generated, copy the .pfx file to the local computer and import it into the Windows MMC (Microsoft Management Console)
The import will prompt for a password; use the same one that you set when creating the file
Open the URL in a browser; it should now show a valid certificate
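The following added example (not part of the original article and not JetPatch tooling) checks the key and certificate produced by the steps above before nginx uses them: the key matches the certificate, the SAN covers the host name, the certificate is not a CA, and the key file is readable by its owner only. The function names and the owner-only permission requirement are assumptions of this example; the sample pair is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not JetPatch code: checks for jetpatch.key / jetpatch.crt before nginx uses them.
# Function names are invented here; file names and openssl commands follow the article.

# True when the certificate carries the public key derived from the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True when the certificate is valid for the given host name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True when basicConstraints marks the certificate as CA:FALSE.
cert_is_not_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:FALSE'
}

# Assumption of this example: only the owner may read the key (mode 0600 or 0400).
key_is_owner_only() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: a throwaway pair built in directory $1.
make_demo_pair() {
    ( cd "$1" &&
      printf '%s\n' '[ v3_req ]' 'basicConstraints = CA:FALSE' \
          'subjectAltName = DNS:jetpatch.local, DNS:www.jetpatch.com' > openssl.cnf &&
      openssl req -new -newkey rsa:2048 -nodes -keyout jetpatch.key \
          -out jetpatch.csr -subj "/CN=jetpatch.local" 2>/dev/null &&
      openssl x509 -req -in jetpatch.csr -signkey jetpatch.key -out jetpatch.crt \
          -days 365 -extfile openssl.cnf -extensions v3_req 2>/dev/null &&
      chmod 600 jetpatch.key )
}

demo_dir=$(mktemp -d) && make_demo_pair "$demo_dir" || exit 1
trap 'rm -rf "$demo_dir"' EXIT
key_matches_cert "$demo_dir/jetpatch.key" "$demo_dir/jetpatch.crt" && echo "key matches certificate"
cert_covers_host "$demo_dir/jetpatch.crt" jetpatch.local && echo "certificate covers jetpatch.local"
cert_is_not_ca "$demo_dir/jetpatch.crt" && echo "certificate is not a CA"
key_is_owner_only "$demo_dir/jetpatch.key" && echo "key is owner-only"
```

To check real files, call the four functions with the paths to your own jetpatch.key and jetpatch.crt instead of the demo directory.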
Comments
Once we generate the SSL certificate on our JetProxy server following the above steps and get it authorized internally with the PKI Team (CA Certificate Authority), what will be the next step?