security,

SSL Certificate Management - Quick Reference

Gini Gini Follow · 1 min read
SSL Certificate Management - Quick Reference
Share this

Create a Root CA

## create CA key
## remove the -des3 option for non-password protected key 
openssl genrsa -des3 -out myserver-CA.key  4096

## self-sign CA Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out myserver-CA.pem

Create Server Key, CSR and Certificate

## Create a new SSL Key for server/app
openssl genrsa -out myserver.key 2048

## Generate Certificate Signing Request
$ openssl req -new \
  -subj "/C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=todo-https.apps.ocp4.example.com" \
  -key myserver.key \
  -out myserver.csr

## Verify CSR content
$ openssl req -in myserver.csr -noout -text

## Generate Certificate using CSR and CA
## openssl x509 -req -in <CSR FILE> \
##   -CA <CA FILE> -CAkey myserver-CA.key -CAcreateserial \
##   -passin file:passphrase.txt \
##   -out <EXPORT CRT> -days 3650 -sha256 -extfile myserver.ext
$ openssl x509 -req \
  -passin file:passphrase.txt \
  -CA myserver-CA.pem -CAkey myserver-CA.key -CAcreateserial \
  -in myserver.csr \
  -out myserver.crt \
  -days 1825 -sha256 -extfile myserver.ext

## verify certificte content
$ openssl x509 -in myserver.crt -text -noout
cloud automation containers kubernetes
Gini
Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories

How To Get Hands-On Experience in AWS

Every Time you have the same situation, you know the technology and maybe you are already a certified professional in that technology, but you are not getting enough hands-on on that ...

In AWS, Jan 04, 2021
How To Get Hands-On Experience in AWS
Getting Started with Ansible Collections

Ansible Collection is a great way of getting content contributions from various Ansible Developers. Earlier there was a tagline for Ansible – “Batteries included”, but now the battery...

In redhat, ansible, Dec 22, 2020
Getting Started with Ansible Collections
Configure Your Windows Host to be Managed by Ansible

I was talking to my friend about Ansible automation and how we are implementing automated solutions for cloud and on-premise infrastructure. Then he told me that, his team is looking ...

In redhat, ansible, Dec 01, 2020
Configure Your Windows Host to be Managed by Ansible
Remove nodes from Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. You can manage full-lifecycle of Kubernetes clusters...

In containers, kubernetes, Nov 30, 2020
Remove nodes from Kubespray Managed Kubernetes Cluster
Adding new nodes to Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. Learn how to add new nodes in a Kubernetes cluster u...

In containers, kubernetes, Nov 27, 2020
Adding new nodes to Kubespray Managed Kubernetes Cluster

Featured

  1. Start Your OpenShift journey with OpenShift Interactive Learning Portal – FREE
    In openshift,
  2. Installing oVirt 4 with Self-Hosted Engine on Enterprise Linux
    In oVirt,
  3. How to Create Scheduled Snapshots in Google Cloud Platform
    In cloud,
  4. Ansible Tower - How to Backup and Restore
    In ansible, automation,
  5. Sending Email Using Python and smtplib
    In