ringate/ssl-generate.md

## ssl-generate.md

      
    Raw
  

              ssl-generate.md
            
          
    SSL Certificate Generate

Step 1

Command for generate CSR & KEY files.
openssl req -new -newkey rsa:2048 -nodes -out www_yourdomain_com.csr -keyout www_yourdomain_com.key
Step 2

Submit CSR key to famous certificate authority (CA) like DigiCert or Symantec.
Step 3

Certificate authority will return 2 cert files.

One is cert file based on your CSR file. E.g. www_yourdomain_com.crt
Another one is CA/Root cert about Certificate Authority.

Step 4

Using md5 file checksum to confirm KEY and Cert are match.
openssl x509 -noout -modulus -in www_yourdomain_com.crt | openssl md5
openssl rsa -noout -modulus -in www_yourdomain_com.key | openssl md5
Certificate Convert

Convert .CRT to .PEM

openssl x509 -in mycert.crt -out mycert.der -outform DER
openssl x509 -in mycert.der -inform DER -out mycert.pem -outform PEM
Convert .CER to .PEM

openssl x509 -inform der -in mycert.cer -outform pem -out mycert.pem
Convert .P12 to .PEM

openssl pkcs12 -in mycert.p12 -out mycert.pem -nodes -clcerts
Convert .PFX to .PEM

openssl pkcs12 -in mycert.pfx -out mycert.txt -nodes
Open the mycert.txt file that the command created in a text editor. Copy each certificate/private key to its own text file including the headers like
-----BEGIN RSA PRIVATE KEY-----
and
-----BEGIN CERTIFICATE-----
Then save them with names such as mycert.key, mycert.crt, intermediateCA.crt.
Reference:

https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-an-apache-server.html