SSL certificate CSR generation

From Apoyar Wiki
Revision as of 14:41, 19 September 2022 by Admin (talk | contribs) (Created page with "Generating CSR and applying generated certificate on server CSR – Certificate Signing Request Brose website URL click on padlock click on certificate Click on Details tab, under this click on subject Copy all information under subject to notepad Login to phobos.apoyar Go to below path • cd /home/neal/certs Generate key using below command with proper key name • openssl genrsa -out key_name.key 2048 Generate CSR with below command with appropriate info...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Generating CSR and applying generated certificate on server

CSR – Certificate Signing Request

Brose website URL

click on padlock

click on certificate

Click on Details tab, under this click on subject

Copy all information under subject to notepad


Login to phobos.apoyar

Go to below path

• cd /home/neal/certs

Generate key using below command with proper key name

• openssl genrsa -out key_name.key 2048

Generate CSR with below command with appropriate information, which we have copied in notepad

• openssl req -new -key key_name.key -sha256 -nodes -subj '/C=BE/ST= Overijssel /L= Oldenzaal/O= Bleckmann Nederland B.V. STREET = Eekboerstraat 25 /OU=IT/CN= b2b.bleckmann.com /emailAddress=support2@apoyar.eu/subjectAltName=DNS.1= abc.com, DNS.2= xyz.com, DNS.3= xuv.com ' > name.csr

Note :- above command is for example, we have to enter appropriate info as per the client



After generating check CSR information using below command

• openssl req -in name.csr -noout –text


Once CSR is generated, we have to send it to the client, then they will send us certificate files in zipped format through mail

Once we receive that zip file, get that zipped file to phobos.apoyar and unzip, it includes 3-4 files

To create a single certificate using all that 4 files, run below command with same files sequence

• cat STAR_pointcarre_be.crt USERTrustRSAAAACA.crt SectigoRSADomainValidationSecureServerCA.crt AAACertificateServices.crt > pointcarre_2023.crt

Note :- above command is for example, we have to edit filenames as per the client

Once we generated a single certificate (.crt), then we have to verify and check that with key file using below command

• openssl x509 -noout -modulus -in cert_name.crt | openssl md5 && openssl rsa -noout -modulus -in key_name.key | openssl md5




Once this verification done, get that certificate on the respected servers at below path.

• cd /etc/ssl/certs/

And then go to below path & edit required nginx configuration files and provide there new certificate path with name.

• cd /etc/nginx/sites-available


Once all done, run below command, check all syntax errors and if we get successful message then reload nginx

• nginx -t

• service nginx reload

Once we done for all servers, go to jupiter.apoyar Open Notepad as admin. Open the hosts file (C:\Windows\System32\drivers\etc) and find the according 

domain entries. Remove the hash and save. Once again reload nginx and wait for some time. Test, bring up the cert.

Once certificate is reflected on sites, go to jupiter.apoyar Open Notepad as admin. Open the hosts file (C:\Windows\System32\drivers\etc) and find the

according domain entries. Add the hash and save.

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=SSL_certificate_CSR_generation&oldid=248