Generate CSR and Private Key with openssl in Linux RHEL 7
Generate CSR and Private Key with openssl in Linux RHEL 7 |
Generate CSR and Private Key with OpenSSL in Linux RHEL 7 - Hello everyone, in this article I will share one of the ways that you may still need to get .csr and .key files for SSL that you will buy and implement on your web server.
On this occasion, I shared How to generate.CSR and .key with OpenSSL in Linux Redhat, which is intended for SSL wildcards that can be used for main domains, and your subdomains are usually called SAN (Subject Alternative Name).
Preparation
Make sure you have OpenSSL installed in your machine by looking at the command whether it is already in the /var /run/openssl directory, or you can see the version by:
# openssl version
Installing
If you don't have it, you can install it first in the following way:
# yum groupinstall "Development Tools"
Also, make sure that before installing the development tools you have mounted your local repo and have activated your Redhat subscription.
After all that is needed, it is time for us to generate this SSL wildcard.
Configure
Create 1 .conf file
Create a file in the directory you want, in this case, I created a .conf file in the /home/kitsake directory.
# cd /home/kitsake # vi kitsake.conf
[ req ] default_bits = 2048 # RSA key size encrypt_key = no # Protect private key default_md = sha256 # MD to use utf8 = yes # Input is UTF-8 string_mask = utf8only # Emit UTF-8 strings prompt = no # Prompt for DN distinguished_name = server_dn # DN template req_extensions = server_reqext # Desired extensions [ server_dn ] countryName = ID # ISO 3166 stateOrProvinceName = Banten localityName = Tangerang organizationName = PT. Bangkit Ade Saputra organizationalUnitName = IT commonName = *.kitsake.com # Should match a SAN under alt_names [ server_reqext ] basicConstraints = CA:FALSE keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = serverAuth subjectKeyIdentifier = hash subjectAltName = @alt_names [alt_names] DNS.1 = *.kitsake.com #Example DNS.2 = kitsake.com
Save & exit
Make sure you have replaced the [server_dn] and [alt_names] with your information, or you can customize your own options as needed.
Make the .csr and .key
After you create the file correctly, then kitsake is ordered to make the .csr and .key files.
# openssl req -new -newkey rsa:2048 -nodes -keyout kitsake.com.key -out kitsake.com.csr -config kitsake.conf
There will be 2 files generated from the command above, namely .csr and .key in the same directory (/home/kitsake)
generate CSR and private key with OpenSSL |
Trying
In this case, to make sure our file is correct or not, we can test it in the CSR Decoder and paste our CSR information into the column provided, whether it is read according to what we want.
make sure the CSR file is read |
Closing statement
In conclusion, this article has detailed the process of generating .csr and .key files using OpenSSL in Linux Redhat, particularly for SSL wildcards that can be utilized for main domains and their subdomains, often referred to as Subject Alternative Name (SAN).
By following the steps outlined in this guide, you can efficiently create the necessary SSL files for securing your web server. Whether it's for commercial purposes or personal projects, having a clear understanding of how to generate these files ensures a smooth SSL implementation process.
Maybe that's all I can share with you guys, hopefully this article will be useful.
Thank You.
Post a Comment for "Generate CSR and Private Key with openssl in Linux RHEL 7"
Post a Comment