I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows dowmain that has a certificate authority advertised in active directory.<\/p>\n
On your linux machine (that has openssl)<\/strong> Generating a 2048 bit RSA private key Please enter the following ‘extra’ attributes Copy the CSR to your clipboard<\/strong> Create the certificate request on your CA<\/strong><\/p>\n https:\/\/certificateauthority\/certsrv I always download as a base64 encoded certificate. I then copied the .cer to my linux box to run the next steps.<\/p>\n On your linux machine create the PFX<\/strong> Enter Export Password: Copy the PFX back to your window machine, double click, enter the passcode, and away you go.<\/p>\n","protected":false},"excerpt":{"rendered":" I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows dowmain that has a certificate authority advertised in active directory. On your linux machine (that has openssl) openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr Generating a 2048 bit RSA private key … Continue reading Webserver CA SSL Request, Linux Windows<\/span>
\nopenssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr<\/code><\/p>\n
\n……………………………………+++
\n…………………………………..+++
\nwriting new private key to ‘webserver1.key’
\n—–
\nYou are about to be asked to enter information that will be incorporated
\ninto your certificate request.
\nWhat you are about to enter is what is called a Distinguished Name or a DN.
\nThere are quite a few fields but you can leave some blank
\nFor some fields there will be a default value,
\nIf you enter ‘.’, the field will be left blank.
\n—–
\nCountry Name (2 letter code) [XX]:US
\nState or Province Name (full name) []:NO
\nLocality Name (eg, city) [Default City]:Town
\nOrganization Name (eg, company) [Default Company Ltd]:Winks
\nOrganizational Unit Name (eg, section) []:IT
\nCommon Name (eg, your name or your server’s hostname) []:webserver1.localdomain.local
\nEmail Address []:support@localdomain.local<\/p>\n
\nto be sent with your certificate request
\nA challenge password []:
\nAn optional company name []:<\/p><\/blockquote>\n
\nnano webserver1.csr<\/code>
\nCopy all of the text including the “–BEGIN” and “–END”<\/p>\n
\nCreate a new request – Advanced certificate request
\nPaste the copied text
\nSelect webserver for the certificate template
\nSubmit<\/p><\/blockquote>\n
\nopenssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx<\/code><\/p>\n
\nVerifying – Enter Export Password:<\/p><\/blockquote>\n