Command for generate CSR & KEY files.
openssl req -new -newkey rsa:2048 -nodes -out www_yourdomain_com.csr -keyout www_yourdomain_com.key
Submit CSR key to famous certificate authority (CA) like DigiCert or Symantec.
Certificate authority will return 2 cert files.
- One is cert file based on your CSR file. E.g.
www_yourdomain_com.crt
- Another one is CA/Root cert about Certificate Authority.
Using md5 file checksum to confirm KEY and Cert are match.
openssl x509 -noout -modulus -in www_yourdomain_com.crt | openssl md5
openssl rsa -noout -modulus -in www_yourdomain_com.key | openssl md5
openssl x509 -in mycert.crt -out mycert.der -outform DER
openssl x509 -in mycert.der -inform DER -out mycert.pem -outform PEM
openssl x509 -inform der -in mycert.cer -outform pem -out mycert.pem
openssl pkcs12 -in mycert.p12 -out mycert.pem -nodes -clcerts
openssl pkcs12 -in mycert.pfx -out mycert.txt -nodes
Open the mycert.txt file that the command created in a text editor. Copy each certificate/private key to its own text file including the headers like
-----BEGIN RSA PRIVATE KEY-----
and
-----BEGIN CERTIFICATE-----
Then save them with names such as mycert.key, mycert.crt, intermediateCA.crt.