Editing
SSL certificate CSR generation
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
Generating CSR and applying generated certificate on server CSR β Certificate Signing Request Brose website URL click on padlock click on certificate Click on Details tab, under this click on subject Copy all information under subject to notepad Login to phobos.apoyar Go to below path β’ cd /home/neal/certs Generate key using below command with proper key name β’ openssl genrsa -out key_name.key 2048 Generate CSR with below command with appropriate information, which we have copied in notepad β’ openssl req -new -key key_name.key -sha256 -nodes -subj '/C=BE/ST= Overijssel /L= Oldenzaal/O= Bleckmann Nederland B.V. STREET = Eekboerstraat 25 /OU=IT/CN= b2b.bleckmann.com /emailAddress=support2@apoyar.eu/subjectAltName=DNS.1= abc.com, DNS.2= xyz.com, DNS.3= xuv.com ' > name.csr Note :- above command is for example, we have to enter appropriate info as per the client After generating check CSR information using below command β’ openssl req -in name.csr -noout βtext Once CSR is generated, we have to send it to the client, then they will send us certificate files in zipped format through mail Once we receive that zip file, get that zipped file to phobos.apoyar and unzip, it includes 3-4 files To create a single certificate using all that 4 files, run below command with same files sequence β’ cat STAR_pointcarre_be.crt USERTrustRSAAAACA.crt SectigoRSADomainValidationSecureServerCA.crt AAACertificateServices.crt > pointcarre_2023.crt Note :- above command is for example, we have to edit filenames as per the client Once we generated a single certificate (.crt), then we have to verify and check that with key file using below command β’ openssl x509 -noout -modulus -in cert_name.crt | openssl md5 && openssl rsa -noout -modulus -in key_name.key | openssl md5 Once this verification done, get that certificate on the respected servers at below path. β’ cd /etc/ssl/certs/ And then go to below path & edit required nginx configuration files and provide there new certificate path with name. β’ cd /etc/nginx/sites-available Once all done, run below command, check all syntax errors and if we get successful message then reload nginx β’ nginx -t β’ service nginx reload Once we done for all servers, go to jupiter.apoyar Open Notepad as admin. Open the hosts file (C:\Windows\System32\drivers\etc) and find the according domain entries. Remove the hash and save. Once again reload nginx and wait for some time. Test, bring up the cert. Once certificate is reflected on sites, go to jupiter.apoyar Open Notepad as admin. Open the hosts file (C:\Windows\System32\drivers\etc) and find the according domain entries. Add the hash and save.
Summary:
Please note that all contributions to Apoyar Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Apoyar Wiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
British English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Apoyar Infrastructure
Active Directory
Recent changes
Random page
Upload file
Tools
What links here
Related changes
Special pages
Page information