(1) Loginto the server in which cert to be generated.
First we have to generate private key using following command
#openssl genrsa 2048 > servername.key
(2)Next we have to generate csr (certificate signing request) to be sent to CERTIFICATE AUTHORITY using following command
#openssl req -new -key servername.key -out servername.csr
Input the parameters when asked
(NOTE: The common name parameter should be the site name we are hosting)
[root@uat004 crts]# openssl req -new -key private
.key -out vinotest.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
(Note: Dont enter any password or optional company name)
Then cat servername.csr
Then paste the csr in https://ssl-tools.verisign.com/#csrValidator to check if the generated csr have all the information we supplied.
Then we have to send the csr to certificate signing authority and they will send servername.crt
FOr creating self signed certificate ssl(self signed)
openssl x509 -req -days 365 -in name.csr -signkey private.key -out certficatename.crt