In 2018 SSL is a fact of life everywhere. Below are a couple of common useful tips:
Generating a CSR and key from a bash script:
#!/bin/bash #Written By firstname.lastname@example.org #Last Modified April 20, 2016 #Auto-Generate CSR and Key file for SHA-256 SSL Certs #Required Site Info sitename=$1 commonname=$sitename #Check for Site Name, If missing error output will be displayed if [ -z "$sitename" ] then echo "Error! No site name provided, please provide a sitename after typing newcert.sh. ex: newcert.sh mysite.com" exit 99 fi #Generate CSR and Key openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout ~/$sitename.key -out ~/$sitename.csr #Show CSR to copy and Paste echo "Your request completed successfully, copy the CSR below and use a certificate provider to generate an SSL certificate from this CSR" cat ~/$sitename.csr
Comparing a newly issues crt to its keyfile to ensure they match:
openssl x509 -noout -modulus -in mydomain.com.crt | openssl md5 openssl rsa -noout -modulus -in mydomain.com.key | openssl md5
The output from these should be a matching MD5 string, if the values do not match you have a cert/key mismatch.
Converting crt and key to pfx:
openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt