Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
# 1. Generate private key
openssl genrsa -out /etc/ssl/private/ 4096
# 2. Generate Certificate Signing Request (CSR)
# [Fill in details as appropriate leaving email, challenge password, and optional company name empty. Be careful with FQDN!]
openssl req -new -key /etc/ssl/private/ -out /etc/ssl/private/
# 3. Submit CSR and recieve site certificate
# 4. Set permissions as appropriate
chown root:root /etc/ssl/private/*
chmod 0400 /etc/ssl/private/*
# 5a. Receive the certificate files and upload them to the server (e.g. 755 perms)
# 5b. Concatenate certificates into a certchain in order of specificity
# [Most to least specific. Can exclude root certificate most of the time.]
cat /etc/ssl/certs/ /etc/ssl/certs/ > /etc/ssl/certs/
# 6. Optional: If required, create a *.pem file from the private key and certchain
cat /etc/ssl/private/ /etc/ssl/certs/ > /etc/ssl/private/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.