in , ,

How to create your validated signed SSL by a trusted CA For Linux

Trusted Ssl Ca Certificate
Trusted ssl ca certificate

To create your validated and signed SSL certificate, but by a trusted CA – Certificate authority. we will need to:

1- Generate then pass your CSR – Certificate Signing Request – file to the CA.

2- Get the output certificates from the CA, then create a bundle PEM file, or use each output separately.

To generate the csr file run the commands.

# openssl genrsa -out 2048
# openssl req -new -sha256 -key -out

the output will be as shown below but remember to leave the challenge password blank.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Wyoming
Locality Name (eg, city) [Default City]:Sheridan
Organization Name (eg, company) [Default Company Ltd]:CompanyName
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Leave blank
An optional company name []:Leave blank

Then pass the output CSR file to the CA, or the CA partner as shown below for the using RapidSSL

Certificate Signing Request Upload
Certificate Signing Request Upload

If your SSL certificate has been issued successfully, CA or partner will reply to you with: SERVER CERTIFICATE, CA CERTIFICATE (INTERMEDIATE), and ROOT CERTIFICATEs.

now create a file and copy/paste to combine the above 3 certificate code in the same order into a bundle file.

# vim

For hardening this SSL Certificate we will generate Diffie-Hellman group dhparam.pem file

# openssl dhparam -out dhparam.pem 4096

So you can use the output files into webserver as nginx for an example

  ssl on;
  ssl_certificate      /path/to/domain.bundle.crt;
  ssl_certificate_key  /path/to/;
  ssl_dhparam /path/to/dhparam.pem;

What do you think?

Leave a Reply

Your email address will not be published.

How To Generate You Self Signed Ssl Certificate In 3 Steps For Linux

How to generate you self signed SSL certificate in 3 Steps for Linux

True And Fake Marketers, Influence Anyone Anything At Any Time, The Kim Kardashian Method

Influence anyone anything at any time, the Kim Kardashian method