lovellfelix/gist:12f3f351f6067bdb3b6071b3aa5856d2

## gistfile1.txt
#Verfiy opensssl is installed
rpm -qa | grep -i openssl

#If it's not installed
yum install openssl openssl-devel

#Generate RSA key
openssl genrsa -out domain.com.key 2048

#Create CSR
openssl req -new -sha256 -key domain.com.key -out domain.com.csr

#Varify CSR
openssl req -noout -text -in domain.com.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key -out domain.com.crt

#Verify Certificate
openssl x509 -in domain.name.crt -text -noout

#Export pfx with crt and key
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
# (Optional with Chain)
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -certfile domain.name.chain.crt

#Verify PFX
openssl pkcs12 -info -in domain.name.pfx

#Export private key from pfx
openssl pkcs12 -in domain.name.pfx -nocerts -out domain.com.key

#Export certificate from pfx
openssl pkcs12 -in domain.name.pfx -clcerts -nokeys -out domain.name.crt

#Export pem from pfx
openssl pkcs12 -in domain.name.pfx -out domain.name.pem -nodes

#Remove pass phrase from key
openssl rsa -in domain.name.key -out domain.name.key_nopass

#create PEM file from existing certificate files that form a chain
cat domain.name.key > domain.name.pem
cat domain.name.crt >> domain.name.pem
##OPTIONAL - with Intermediate chain
cat intermediate.crt >> domain.name.pem

#Checking MD5 hash of cert to ensure it match private key or csr
openssl x509 -noout -modulus -in domain.name.crt | openssl md5
openssl rsa -noout -modulus -in domain.name.key | openssl md5
openssl req -noout -modulus -in domain.name.csr | openssl md5

#Installation on APACHE
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /path/to/htdocs

SSLEngine ON
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
#SSLCertificateChainFile /etc/pki/tls/certs/domain.com-chain.crt

ErrorLog logs/ssl.domain.com.error_log
CustomLog logs/ssl.domain.com.access_log combined
</VirtualHost>
	#Verfiy opensssl is installed
	rpm -qa \| grep -i openssl

	#If it's not installed
	yum install openssl openssl-devel

	#Generate RSA key
	openssl genrsa -out domain.com.key 2048

	#Create CSR
	openssl req -new -sha256 -key domain.com.key -out domain.com.csr

	#Varify CSR
	openssl req -noout -text -in domain.com.csr

	# Generate Self Signed Key
	openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key -out domain.com.crt

	#Verify Certificate
	openssl x509 -in domain.name.crt -text -noout

	#Export pfx with crt and key
	openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
	# (Optional with Chain)
	openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -certfile domain.name.chain.crt

	#Verify PFX
	openssl pkcs12 -info -in domain.name.pfx

	#Export private key from pfx
	openssl pkcs12 -in domain.name.pfx -nocerts -out domain.com.key

	#Export certificate from pfx
	openssl pkcs12 -in domain.name.pfx -clcerts -nokeys -out domain.name.crt

	#Export pem from pfx
	openssl pkcs12 -in domain.name.pfx -out domain.name.pem -nodes

	#Remove pass phrase from key
	openssl rsa -in domain.name.key -out domain.name.key_nopass

	#create PEM file from existing certificate files that form a chain
	cat domain.name.key > domain.name.pem
	cat domain.name.crt >> domain.name.pem
	##OPTIONAL - with Intermediate chain
	cat intermediate.crt >> domain.name.pem

	#Checking MD5 hash of cert to ensure it match private key or csr
	openssl x509 -noout -modulus -in domain.name.crt \| openssl md5
	openssl rsa -noout -modulus -in domain.name.key \| openssl md5
	openssl req -noout -modulus -in domain.name.csr \| openssl md5

	#Installation on APACHE
	<VirtualHost *:443>
	ServerName www.domain.com
	DocumentRoot /path/to/htdocs

	SSLEngine ON
	SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
	SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
	#SSLCertificateChainFile /etc/pki/tls/certs/domain.com-chain.crt

	ErrorLog logs/ssl.domain.com.error_log
	CustomLog logs/ssl.domain.com.access_log combined
	</VirtualHost>