PKI // Playing with OpenSSL

NetBSD Requirements

cp -pi /usr/share/examples/openssl/openssl.cnf /etc/openssl/
cp -pi /usr/share/examples/openssl/openssl.cnf /etc/openssl/openssl.cnf.dist
chmod 600 /etc/openssl/openssl.cnf
vi /etc/openssl/openssl.cnf

#default_md             = sha2



cp -i /usr/share/examples/openssl/openssl.cnf /etc/openssl/
cd /etc/openssl/



openssl req -x509 -newkey rsa:2048 -out selfsign.cer -keyout selfsign.key -nodes -sha256 -days 365
#-subj /CN=$domain
#-subj "/C=RU/L=Innopolis/O=Innopolis University/OU=SNE/CN=$domain/emailAddress=root@$domain"
ls -lF *.cer *.key
openssl x509 -noout -text -in selfsign.cer | less

Official Certificate

Once you have sent your CSR to your SSL provider, it will respond with the PEM certificate, possibly as a .crt file.

Concatenate the Chain

You will also need their root CA and intermediate certificates. If those aren’t delivered, you might find them on their website. Eventually, concatenate the two:

cd /etc/httpd/ssl/
cat intermediatecert rootcert > issuer-concat-cert.crt
chmod 400 issuer-concat-cert.crt
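
Added example, not part of the original notes: a check that the concatenated file really chains a delivered certificate to the root, and that the intermediate comes first. It builds a throwaway root, intermediate and leaf (constructed names, demo.cnf and leaf.crt are assumptions); with a real provider, run the check functions on the delivered files instead.

```shell
#!/bin/sh
# Added example. The CA names and www.example.org are constructed; the file names
# intermediatecert, rootcert and issuer-concat-cert.crt follow the notes above.

new_key_csr() {  # $1 = base name, $2 = subject
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config demo.cnf \
        -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build a throwaway root -> intermediate -> leaf PKI in the current directory.
make_demo_pki() {
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    new_key_csr root "/CN=Demo Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -sha256 -days 30 \
        -extfile demo.cnf -extensions v3_ca -out rootcert 2>/dev/null &&
    new_key_csr int "/CN=Demo Intermediate CA" &&
    openssl x509 -req -in int.csr -CA rootcert -CAkey root.key -CAcreateserial \
        -sha256 -days 30 -extfile demo.cnf -extensions v3_ca \
        -out intermediatecert 2>/dev/null &&
    new_key_csr leaf "/CN=www.example.org" &&
    openssl x509 -req -in leaf.csr -CA intermediatecert -CAkey int.key \
        -CAcreateserial -sha256 -days 30 -out leaf.crt 2>/dev/null &&
    cat intermediatecert rootcert > issuer-concat-cert.crt   # as in the notes
}

# Succeeds only if the bundle chains the certificate up to a self-signed root.
bundle_verifies() {  # $1 = bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Number of PEM certificates in a file.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# True if the first certificate in the bundle issued the given certificate,
# i.e. the intermediate comes first, as in the cat command above.
intermediate_first() {  # $1 = bundle, $2 = certificate
    s=$(openssl x509 -noout -subject_hash -in "$1") &&
    i=$(openssl x509 -noout -issuer_hash -in "$2") && [ "$s" = "$i" ]
}

cd "$(mktemp -d)" && make_demo_pki &&
    bundle_verifies issuer-concat-cert.crt leaf.crt && echo "bundle verifies leaf"
```

Verifying against intermediatecert or rootcert alone fails, because without the other half the chain never reaches a self-signed certificate.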


How To Create an SSL Certificate on Nginx for Ubuntu 14.04

OpenSSL tips and tricks

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

Command Line Utilities


How can I use OpenSSL with an external source of randomness?

Good entropy source for generating openssl keys

Random Numbers

How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux

Using engines for random number generation


Is it possible to generate RSA key without pass phrase?

Why openssl insist on requiring a passphrase on genrsa command?

Creating a .pem File for SSL Certificate Installations


Does .pem file contains both private and public keys?


req: Unrecognized flag sha2

How to make OpenSSL with SHA256 instead of sha1?

Generating an SHA256 SSL CSR on CentOS/RHEL using genkey
