cp -pi /usr/share/examples/openssl/openssl.cnf /etc/openssl/ cp -pi /usr/share/examples/openssl/openssl.cnf /etc/openssl/openssl.cnf.dist chmod 600 /etc/openssl/openssl.cnf vi /etc/openssl/openssl.cnf #default_md = sha2
netbsd
cp -i /usr/share/examples/openssl/openssl.cnf /etc/openssl/ cd /etc/openssl/
ubuntu
proceed
domain= openssl req -x509 -newkey rsa:2048 -out selfsign.cer -keyout selfsign.key -nodes -sha256 -days 365 #-subj /CN=$domain #-subj "/C=RU/L=Innopolis/O=Innopolis University/OU=SNE/CN=$domain/emailAddress=root@$domain" ls -lF *.cer *.key openssl x509 -noout -text -in selfsign.cer | less
-out-nodes to avoid encrypting the private key hence no passphraseOnce you sent your CSR to your SSL provider, it will respond you with the PEM certificate, possibly as .crt.
You will also need their root CA and intermediate certificates – if those aren’t delivered, you might find it on their website. Eventually concatenate those two,
cd /etc/httpd/ssl/ cat intermediatecert rootcert > issuer-concat-cert.crt chmod 400 issuer-concat-cert.crt
How To Create an SSL Certificate on Nginx for Ubuntu 14.04 https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04
OpenSSL tips and tricks https://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art030
What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
Command Line Utilities https://wiki.openssl.org/index.php/Command_Line_Utilities
How can I use OpenSSL with an external source of randomness? https://security.stackexchange.com/questions/143051/how-can-i-use-openssl-with-an-external-source-of-randomness
Good entropy source for generating openssl keys https://crypto.stackexchange.com/questions/12571/good-entropy-source-for-generating-openssl-keys
Random Numbers https://wiki.openssl.org/index.php/Random_Numbers
How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux https://www.cyberciti.biz/open-source/debian-ubuntu-centos-linux-setup-additional-entropy-for-server-using-aveged-rng-tools-utils/
Using engines for random number generation https://stackoverflow.com/questions/29150585/using-engines-for-random-number-generation
Is it possible to generate RSA key without pass phrase? https://serverfault.com/questions/366372/is-it-possible-to-generate-rsa-key-without-pass-phrase
Why openssl insist on requiring a passphrase on genrsa command? https://superuser.com/questions/407908/why-openssl-insist-on-requiring-a-passphrase-on-genrsa-command
Creating a .pem File for SSL Certificate Installations https://www.digicert.com/ssl-support/pem-ssl-creation.htm
Does .pem file contains both private and public keys? https://stackoverflow.com/questions/7539625/does-pem-file-contains-both-private-and-public-keys
req: Unrecognized flag sha2
How to make OpenSSL with SHA256 instead of sha1? https://stackoverflow.com/questions/42857286/how-to-make-openssl-with-sha256-instead-of-sha1
Generating an SHA256 SSL CSR on CentOS/RHEL using genkey https://serverfault.com/questions/630692/generating-an-sha256-ssl-csr-on-centos-rhel-using-genkey