This procedure shows how to generate a certificate with the following requirements:
- a Linux web server: a certificate request file is generated with the openssl command
- a Microsoft Certificate Authority that will issue the certificate
Follow these steps:
- on the Linux server:
  - generate the private key: openssl genrsa 2048 > linux_webserver.key
    Output:
        Generating RSA private key, 2048 bit long modulus
        ........+++
        ..................+++
        e is 65537 (0x10001)
  - restrict the permissions of the private key: chmod 400 linux_webserver.key
  - create the certificate request file: openssl req -new -key linux_webserver.key > linux_webserver.csr
    Output:
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        -----
        Country Name (2 letter code) [AU]:XX
        State or Province Name (full name) [Some-State]:Your_State
        Locality Name (eg, city) []:Your_Locallity
        Organization Name (eg, company) [Internet Widgits Pty Ltd]:The_company_name
        Organizational Unit Name (eg, section) []:Department
        Common Name (e.g. server FQDN or YOUR name) []:thewebserverFQDN.domain.local
        Email Address []:

        Please enter the following 'extra' attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:
- on the Microsoft Certificate Authority:
  - launch a command prompt: cmd
  - check the certificate request file: certutil linux_webserver.csr
  - generate the certificate (use straight double quotes, not typographic ones): certreq -attrib "CertificateTemplate:webserver" -submit linux_webserver.csr
  - select the Certificate Authority when prompted
  - save the certificate file
You will then be able to install this new certificate on the Linux web server. If you use Apache, you can follow this procedure to install the certificate on it.
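
The Linux-side steps above can also be run without prompts and checked before the request is copied to the CA. The script below is an added example, not part of the original procedure: the function names, the `-subj` values and the subjectAltName entry are assumptions, and `-addext` requires OpenSSL 1.1.1 or later. The SAN is included because current browsers match the host name against it rather than the Common Name; whether the issued certificate keeps it depends on how the CA template is configured.

```shell
#!/bin/sh
# Added example: non-interactive form of the Linux-side steps, with checks.
# The -subj values and the subjectAltName entry are constructed samples.
set -eu

make_csr() {
    name=$1   # output basename, e.g. linux_webserver
    fqdn=$2   # server FQDN, used for both CN and subjectAltName
    # Create the key under umask 077 so it is never group/world readable,
    # then make it read-only for the owner, as in the procedure.
    ( umask 077; openssl genrsa -out "$name.key" 2048 )
    chmod 400 "$name.key"
    # -subj replaces the interactive prompts.
    openssl req -new -key "$name.key" -out "$name.csr" \
        -subj "/C=XX/O=The_company_name/OU=Department/CN=$fqdn" \
        -addext "subjectAltName=DNS:$fqdn"
}

csr_matches_key() {
    # The public key inside the CSR must equal the one derived from the key file.
    csr_pub=$(openssl req -in "$1.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1.key" -pubout)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

csr_signature_ok() {
    # A CSR is signed with its own private key; this detects a damaged file.
    openssl req -in "$1.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_has_san() {
    # Confirm the requested host name is present as a DNS subjectAltName.
    openssl req -in "$1.csr" -noout -text | grep -qF "DNS:$2"
}

# Usage: sh make_csr.sh linux_webserver thewebserverFQDN.domain.local
if [ $# -eq 2 ]; then
    make_csr "$1" "$2"
    csr_matches_key "$1"
    csr_signature_ok "$1"
    csr_has_san "$1" "$2"
    echo "CSR ready: $1.csr"
fi
```

Only the `.csr` file needs to be copied to the Certificate Authority; the `.key` file stays on the web server.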
Submit an openssl request file to a Microsoft PKI with certreq