# 1. Generate private key
openssl genrsa -out /etc/ssl/private/example.com.key 4096
# 2. Generate Certificate Signing Request (CSR)
# [Fill in details as appropriate leaving email, challenge password, and optional company name empty. Be careful with FQDN!]
openssl req -new -key /etc/ssl/private/example.com.key -out /etc/ssl/private/example.com.csr
# 3. Submit CSR and receive site certificate
# 4. Set permissions as appropriate
chown root:root /etc/ssl/private/example.com.*
chmod 0400 /etc/ssl/private/example.com.*
# 5a. Receive the certificate files and upload them to the server (e.g. 755 perms)
# 5b. Concatenate certificates into a certchain in order of specificity
# [Most to least specific. Can exclude root certificate most of the time.]
cat /etc/ssl/certs/example.com.crt /etc/ssl/certs/example.com.ca-bundle > /etc/ssl/certs/example.com.certchain.crt
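# 6. Optional: If required, create a *.pem file from the private key and certchain
cat /etc/ssl/private/example.com.key /etc/ssl/certs/example.com.certchain.crt > /etc/ssl/private/example.com.pem
# [The *.pem contains the private key and did not exist when step 4 ran, so restrict it the same way.]
chown root:root /etc/ssl/private/example.com.pem
chmod 0400 /etc/ssl/private/example.com.pem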
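
Checks worth running before steps 5b and 6, as an added example that is not part of the original gist: confirm that the CSR and the returned certificate carry the same public key as the private key, that the CSR asks for the intended FQDN, and that files holding the key are owner-only. The helper names (`pubkey_hash`, `same_key`, `csr_cn`, `owner_only`) are hypothetical, and the sample files are constructed in a temp directory, with a self-signed certificate standing in for the CA-issued one.

```shell
#!/bin/sh
# Added example (not part of the original gist). Sanity checks to run between
# steps 3 and 6, demonstrated on throwaway files built in a temp directory.

# SHA-256 of the public key inside a private key, CSR or certificate.
# $1 = key|csr|crt, $2 = file. Fails instead of hashing empty input.
pubkey_hash() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *) return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when two files carry the same public key, e.g. `same_key key K crt C`.
same_key() {
    a=$(pubkey_hash "$1" "$2") && b=$(pubkey_hash "$3" "$4") && [ "$a" = "$b" ]
}

# Common Name requested in a CSR (the FQDN typed in at step 2).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject=//; s/^\(.*,\)\{0,1\}CN=\([^,]*\).*/\2/p'
}

# True when a file has no group/other permission bits (as after chmod 0400).
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# --- constructed sample input: 2048-bit keys and a self-signed certificate
# --- standing in for the CA-issued one, so the demo runs offline
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
openssl genrsa -out "$work/site.key" 2048 2>/dev/null
openssl genrsa -out "$work/other.key" 2048 2>/dev/null
openssl req -new -key "$work/site.key" -subj "/CN=example.com" -out "$work/site.csr"
openssl req -new -x509 -key "$work/site.key" -subj "/CN=example.com" -days 1 -out "$work/site.crt"
chmod 0400 "$work/site.key"
cat "$work/site.key" "$work/site.crt" > "$work/site.pem"   # step 6: new file, umask perms

same_key key "$work/site.key" csr "$work/site.csr" && echo "CSR matches key"
same_key key "$work/site.key" crt "$work/site.crt" && echo "certificate matches key"
same_key key "$work/other.key" crt "$work/site.crt" || echo "other.key does NOT match"
echo "CSR requests CN: $(csr_cn "$work/site.csr")"
owner_only "$work/site.key" && echo "site.key is owner-only"
owner_only "$work/site.pem" || echo "site.pem needs chmod 0400 too"
```

On a real server, point the helpers at `/etc/ssl/private/example.com.key`, the CSR and `/etc/ssl/certs/example.com.crt` instead of the temp files.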