Generate CSR and Private Key with openssl in Linux RHEL 7

Generate CSR and Private Key with openssl in Linux RHEL 7

Generate CSR and Private Key with OpenSSL in Linux RHEL 7 - Hello everyone, in this article I will share one of the ways that you may still need to get .csr and .key files for SSL that you will buy and implement on your web server.

On this occasion, I shared How to generate.CSR and .key with OpenSSL in Linux Redhat, which is intended for SSL wildcards that can be used for main domains, and your subdomains are usually called SAN (Subject Alternative Name).

Preparation

Make sure you have OpenSSL installed in your machine by looking at the command whether it is already in the /var /run/openssl directory, or you can see the version by:

# openssl version

Installing

If you don't have it, you can install it first in the following way:

# yum groupinstall "Development Tools"

Also, make sure that before installing the development tools you have mounted your local repo and have activated your Redhat subscription.

After all that is needed, it is time for us to generate this SSL wildcard.

Configure

Create 1 .conf file 

Create a file in the directory you want, in this case, I created a .conf file in the /home/kitsake directory.

# cd /home/kitsake
# vi kitsake.conf

[ req ]
default_bits            = 2048  # RSA key size
encrypt_key             = no  # Protect private key
default_md              = sha256  # MD to use
utf8                    = yes  # Input is UTF-8
string_mask             = utf8only  # Emit UTF-8 strings
prompt                  = no  # Prompt for DN
distinguished_name      = server_dn  # DN template
req_extensions          = server_reqext  # Desired extensions

[ server_dn ]
countryName             = ID  # ISO 3166
stateOrProvinceName     = Banten
localityName            = Tangerang
organizationName        = PT. Bangkit Ade Saputra
organizationalUnitName  = IT
commonName              = *.kitsake.com  # Should match a SAN under alt_names

[ server_reqext ]
basicConstraints        = CA:FALSE
keyUsage                = critical,digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth
subjectKeyIdentifier    = hash
subjectAltName          = @alt_names

[alt_names]
DNS.1                   = *.kitsake.com  #Example
DNS.2                   = kitsake.com

Save & exit

Make sure you have replaced the [server_dn] and [alt_names] with your information, or you can customize your own options as needed.

Make the .csr and .key

After you create the file correctly, then kitsake is ordered to make the .csr and .key files.

# openssl req -new -newkey rsa:2048 -nodes -keyout kitsake.com.key -out kitsake.com.csr -config kitsake.conf

There will be 2 files generated from the command above, namely .csr and .key in the same directory (/home/kitsake)

generate CSR and private key with OpenSSL

Trying

In this case, to make sure our file is correct or not, we can test it in the CSR Decoder and paste our CSR information into the column provided, whether it is read according to what we want.

make sure the CSR file is read

Closing statement

In conclusion, this article has detailed the process of generating .csr and .key files using OpenSSL in Linux Redhat, particularly for SSL wildcards that can be utilized for main domains and their subdomains, often referred to as Subject Alternative Name (SAN). 

By following the steps outlined in this guide, you can efficiently create the necessary SSL files for securing your web server. Whether it's for commercial purposes or personal projects, having a clear understanding of how to generate these files ensures a smooth SSL implementation process.

Maybe that's all I can share with you guys, hopefully this article will be useful.

Thank You.