Create a Certificate Signing Request ( CSR ) :
1. Generate the Private Key
2. Generate the CSR
Inorder to create a Certificate Signing Request you will need the Openssl tool.
Generate the Private Key
website name : devops.com
Create a directory : ( same with the website name )
cd devops.com
1. create a random password :
a. windows device :
dd if=/dev/urandom bs=30 skip=100 count=1 | base64 -w20 > password.txt
or
b. mac device:
dd if=/dev/urandom bs=30 skip=100 count=1 | base64 -b20 > password.txt
2. This command generates a new key pair stored in a PEM-encoded file, encrypted with the password.
/devops.com>
openssl genrsa -passout file:password.txt -des3 4096 > private.pem
the private.pem ( by default this is encrypted )
how to decrypt ?
openssl rsa -in private.pem -out private.pem
Optional :
extract the public key:
openssl rsa -in private.pem -passin file:password.txt -pubout > public.pem
Generate the CSR
This command generates a CSR (Certificate Signing Request). For a server certificate, the subject should usually be the fully-qualified DNS name of the server.
The leading forward-slash is required (/CN=Devopshub not CN=Devopshub).
openssl req -new -key private.pem -passin file:password.txt -out csr.pem -subj /CN=Devopshub
how to convert the certs/.pem in to base64 format ?
base64 -b 0 csr.pem
openssl req -in csr.pem -text -noout
No comments:
Post a Comment