HOWTO: Generate an RSA Private Key, Generate a CSR to request a Certificate, and use the Certificate in a .pem file
This HOWTO is written with GoDaddy in mind. Their pricing is good, but getting a certificate created takes a bit of work. The .pem file created in the four steps below can be used by something like Pound for HTTPS reverse proxying.
Contents
- Generate a private key file
- Generate a Certificate Signing Request (CSR) to send to GoDaddy
- Paste the CSR where GoDaddy asks for it
- (Optional) Download the .crt file (zipped) from GoDaddy and generate .pem file
1. Generate a private key file
    # openssl genrsa -des3 -out example.thusa.co.za.key 1024
    Generating RSA private key, 1024 bit long modulus
    ...........++++++
    .............++++++
    e is 65537 (0x10001)
    Enter pass phrase for example.thusa.co.za.key: <passphrase>
    Verifying - Enter pass phrase for example.thusa.co.za.key: <passphrase>
    # cat example.thusa.co.za.key
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,5936E403B4C809E8

    T6n2AaE+22YS5sYN9bO/qv4sbEqeH5DkdquI4W5saiL1ja8Td+V60fKDYPQF7a/S
    ...more secret stuff...
    9Jhhi+bypQsLtXB3S+a22L+Yv7mH8i/7vwefL7+DHgw=
    -----END RSA PRIVATE KEY-----
2. Generate a Certificate Signing Request (CSR) to send to GoDaddy
    # openssl req -new -key example.thusa.co.za.key -out example.thusa.co.za.csr
    Enter pass phrase for example.thusa.co.za.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:ZA
    State or Province Name (full name) [Some-State]:KZN
    Locality Name (eg, city) []:Durban
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:The Conference Company
    Organizational Unit Name (eg, section) []:Events
    Common Name (eg, YOUR name) []:example.thusa.co.za
    Email Address []:support@thusa.co.za

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: <enter>
    An optional company name []: <enter>
3. Paste the CSR where GoDaddy asks for it
    # cat example.thusa.co.za.csr
    -----BEGIN CERTIFICATE REQUEST-----
    MIIB4TCCAUoCAQAwgaAxCzAJBgNVBAYTAlpBMQwwCgYDVQQIEwNLWk4xDzANBgNV
    ...more secret stuff...
    RTUB+UDHOiHa31y3+5erx6E9hVIGQ6HU3ieijxYnEllh4X0q6Son2xEY3OzEODpx
    k5ui21c=
    -----END CERTIFICATE REQUEST-----
4. Download .crt file (zipped) from GoDaddy and copy to same location as .key file, then generate .pem:
    # openssl rsa -in example.thusa.co.za.key -out example.thusa.co.za.pem
    Enter pass phrase for example.thusa.co.za.key:
    writing RSA key
    # openssl x509 -in example.thusa.co.za.crt >>example.thusa.co.za.pem
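
Step 4 writes the decrypted private key into the .pem and appends whatever .crt was downloaded, without checking that the two belong together. The script below is an added example, not part of the original HOWTO: it builds the same .pem only when the certificate's public key matches the private key, and creates the file readable by its owner only. The function names, the KEY_PASS environment variable and the self-signed demo certificate (a stand-in for the CA-issued .crt) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): build the key+certificate .pem
# only after proving the certificate was issued for this private key.
# Assumption: KEY_PASS (environment) holds the key passphrase, empty if none.

build_pem() {  # build_pem KEY CRT OUT -> 0 ok, 1 mismatch, 2 unreadable input
    key=$1; crt=$2; out=$3
    KEY_PASS=${KEY_PASS:-}; export KEY_PASS
    # Public key derived from the (possibly encrypted) private key.
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }
    # Public key the CA actually certified.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $crt" >&2; return 2; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate does not match private key" >&2; return 1; }
    rm -f "$out"
    (   # The bundle holds the decrypted key: create it readable by owner only.
        umask 077
        openssl rsa -in "$key" -passin env:KEY_PASS -out "$out" 2>/dev/null &&
        openssl x509 -in "$crt" >>"$out"
    ) || { rm -f "$out"; return 2; }
}

make_demo_pair() {  # constructed sample input, written into directory $1
    d=$1
    KEY_PASS=${KEY_PASS:-demo-passphrase}; export KEY_PASS
    # 2048-bit and AES-256 here instead of the HOWTO's 1024-bit and -des3:
    # publicly trusted CAs no longer accept RSA keys shorter than 2048 bits.
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$d/good.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/good.key" -passin env:KEY_PASS -days 1 \
        -subj "/CN=example.thusa.co.za" -out "$d/good.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key
}

if [ "${1:-}" = "demo" ]; then   # run as: sh build_pem.sh demo
    t=$(mktemp -d) && make_demo_pair "$t" &&
    build_pem "$t/good.key" "$t/good.crt" "$t/good.pem" && echo "match: bundle written"
    build_pem "$t/other.key" "$t/good.crt" "$t/bad.pem" || echo "mismatch: refused"
    rm -rf "$t"
fi
```

With the real files, the call is `build_pem example.thusa.co.za.key example.thusa.co.za.crt example.thusa.co.za.pem` with KEY_PASS set to the passphrase chosen in step 1.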