Create a simple certificate request with new key
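# -newkey takes ALGORITHM:BITS, so the argument is rsa:2048 (not 2048:rsa).
# -passout pass:... puts the key passphrase on the command line, where it lands in
# shell history and is visible to other local users in the process list; -passout
# also accepts env:VAR and file:PATH, which avoid that.
# Afterwards, check that the key file is readable only by its owner.
openssl req -batch -sha256 -newkey rsa:2048 -passout pass:your_password_here -keyout /home/fi5cher.de_key.pem -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/CN=fi5cher.de"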
Create a simple certificate request for an existing key
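# -key reads the existing private key; no new key is generated, so -keyout has
# nothing to write and is left out. Only the request (-out) is produced.
# Note: a request signed with another service's key means both certificates share
# one private key, so a compromise of that key affects both.
openssl req -new -key /etc/pki/tls/private/icinga_key.pem -sha512 -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/CN=fi5cher.de"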
Create a simple certificate request with a subject alternative name
( see http://en.wikipedia.org/wiki/SubjectAltName )
create /root/fi5cher.de.ini
# Settings read by "openssl req" when this file is passed with -config.
[req]
# Section holding the X.509v3 extensions to place in the request.
req_extensions = v3_req
# Section describing the subject fields that are prompted for.
distinguished_name = req_distinguished_name
# Key size and key file name used when the command line does not give its own.
default_bits = 2048
default_keyfile = privkey.pem
# Section describing additional request attributes.
attributes = req_attributes
[ req_attributes ]
# The value is the prompt text shown for this attribute.
unstructuredName = An optional company name
[ v3_req ]
# Request an end-entity certificate, not one that can sign other certificates.
basicConstraints = CA:FALSE
# Requested key usages. These are only a request: the issuing CA decides which
# extensions appear in the certificate, so inspect the issued certificate.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Take the subject alternative names from the [alt_names] section.
subjectAltName = @alt_names
[alt_names]
# Clients match the host name they connect to against these entries, so list
# every name the certificate must serve, including the one used as commonName.
DNS.1 = fi5cher.de
DNS.2 = f.ischer.de
[ req_distinguished_name ]
# For each field: the bare name is the prompt text, _default the value offered,
# and _min/_max the allowed length.
countryName = C
countryName_default = DE
countryName_min = 2
countryName_max = 2
localityName = Loc
localityName_default = Munich
organizationName = O
organizationName_default = FI5CHER
organizationalUnitName = OU
organizationalUnitName_default = FI5CHER
commonName = CN
commonName_default = fi5cher.de
now run:
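# Key and request must go to different files: with one path for both, the request
# is written over the freshly generated key. Only the *_csr.pem file is sent to the
# CA; the *_key.pem file stays on the host, readable only by its owner.
# Verify the names before submitting: openssl req -in fi5cher.de_csr.pem -noout -text
openssl req -config /root/fi5cher.de.ini -newkey rsa:2048 -sha256 -keyout fi5cher.de_key.pem -out fi5cher.de_csr.pem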
Make a PKCS12 file
# Bundle the certificate and its private key into one PKCS#12 file.
# openssl asks for an export password; the resulting .p12 contains the private
# key, so store and transfer it as carefully as the key file itself.
openssl pkcs12 -export -inkey /root/server123.fi5cher.de_key.pem -in /root/server123.fi5cher.de_cert.pem -out /root/server123.fi5cher.de.p12
Test an SSL/TLS connection
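# -servername sends the host name (SNI) explicitly, so a server hosting several
# sites returns the certificate for this name even with older openssl clients.
# s_client completes the handshake even when certificate verification fails:
# read the "Verify return code" line in the output, or add -verify_return_error
# to make a verification failure abort the connection.
openssl s_client -showcerts -servername fi5cher.de -connect fi5cher.de:443
# Same test, but verify the chain against your own root CA certificate.
openssl s_client -showcerts -servername fi5cher.de -CAfile /etc/pki/YourRootCA.pem -connect fi5cher.de:443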