Creating SSL Certificates for Red-Hat

Posted in software by Christopher R. Wirz on Sat Jan 03 2015



These steps will help create an SSL certificate quickly for your server. Once complete, your website will support HTTPS.

First, display your key.

In Linux, this is:

cat ~/.ssh/id_rsa.pub

In MacOS, this will copy to the clipboard:

pbcopy < ~/.ssh/id_rsa.pub

If nothing is displayed, generate a new key. You might as well set it up to work with Git.

git config --global user.name "chriswirz"
git config --global user.email "chris@chriswirz.com"
ssh-keygen -t rsa -C "chris@chriswirz.com"

If you don't care about git, just run the basic keygen command.

ssh-keygen -t rsa

With the keys created, define your certificate directory ($CERT_DIRECTORY)

export CERT_DIRECTORY=/home/crwirz/cert

Then create the key and csr file.

cd $CERT_DIRECTORY
openssl genrsa -des3 -out $CERT_DIRECTORY/chriswirz.com.key 2048
openssl req -new -key chriswirz.com.key -out chriswirz.com.csr

The generated csr file will need to be uploaded to your certificate provider. The generated key file will be used on your server. Do not share this file.

Upload the csr file to your respective certificate provider. They will send you a package of certificate files.

The .crt file is the SSL Certificate. Certificate files must be Base64 PEM-encoded and typically have a .crt or .pem extension. You may combine multiple certificates and certificate chains in a single file, but the RSA or DSA private key must always be provided in a separate file.

The .p7b file is the SSL Certificate Chain.

Finally, you will need the original .key file you generated for your Certificate Private Key. The key is RSA or DSA private key file for the root certificate in PEM-encoded format.

Looking for a job?