Openssl Question

Discussion in 'Technical' started by ppawcio, Mar 6, 2012.

  1. ppawcio

    ppawcio New Member

    A user sent me a .csr file and we have openssl installed. How can I create a certificate in openssl from the .csr file?
     
  2. ppawcio

    ppawcio New Member

    I should post more info, I created the original certificate using these commands:

    mkdir /usr/share/ssl/certs/hostname.domain.com
    cd /usr/share/ssl/certs/hostname.domain.com
    (umask 077 && touch host.key host.cert host.info host.pem)
    openssl genrsa 2048 > host.key
    openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert
    ...[enter *.domain.com for the Common Name]...
    openssl x509 -noout -fingerprint -text < host.cert > host.info
    cat host.cert host.key > host.pem
    chmod 400 host.key host.pem

    So if I want to renew, can i use these commands?

    openssl req -new -x509 -nodes -sha1 -days 4650 -key host.key > host.cert
    ...[enter *.domain.com for the Common Name]...
    openssl x509 -noout -fingerprint -text < host.cert > host.info
    cat host.cert host.key > host.pem
    chmod 400 host.key host.pem
     
  3. falko

    falko Super Moderator ISPConfig Developer

    You must take the CSR and go to a CA which then creates a trusted cert from it. If you don't care about browser warnings, you can use your self-signed cert.
     

Share This Page