How to Generate a Key and Certificate Request Using OpenSSL

If you want to start up a web server or perhaps just want to add SSL capabilities to a pre-existing website, this quick tutorial may be useful to you.

In a Unix environment, generating a key and certificate request (a .key and a .csr) with OpenSSL is actually quite simple and stress-free. OpenSSL is a cryptographic toolkit that implements the SSL and TLS protocols, and it is what we will be using.

Note: This tutorial was made using Ubuntu Server.

Installing OpenSSL

If you do not already have OpenSSL, you can quickly install it with:
  sudo apt-get install openssl
Did you know OpenSSL originated from a project called SSLeay which was developed in 1995?

Generating a Key and Certificate Request

With that out of the way, let's move on to making the key and Certificate Signing Request (or CSR for short). This can all be done with one command. It's a doozy, but I'll explain each part of the command so you'll know what to use each bit for in the future.

Head back to your terminal and type in the following (change the your_... placeholder values to match your details; the country, C, must be the two-letter ISO 3166 code, such as US):

  openssl req -new -newkey rsa:2048 -nodes -out your_csr_name.csr -keyout your_key_name.key -subj "/C=your_Country/ST=your_state_or_province/L=your_locality_or_city/O=your_organization/OU=your_organizational_unit/CN=your_common_name"

Let's say your website is website.com, you live in Orlando, Florida, and work in IT at Disney. Let's say you also want your CSR name to be myCSR and your key name to be JohnsNewKey. You would put:

  openssl req -new -newkey rsa:2048 -nodes -out myCSR.csr -keyout JohnsNewKey.key -subj "/C=US/ST=Florida/L=Orlando/O=Disney/OU=IT/CN=website.com"

Here's the nitty-gritty of what each part of the above commands means:
  • req - This is the certificate request and certificate-generating utility.
  • -new - This flag tells the request utility to generate a new certificate request. In most cases, this causes a prompt asking you to fill in some values, but it won't do that this time around (see -subj below).
  • -newkey rsa:2048 - Still using the request utility, this generates a new private key at the same time. rsa:2048 specifies that we want an RSA key with a size of 2048 bits.
  • -nodes - Here we're telling the request utility that if a private key is created, do not encrypt it. (OpenSSL 3.0 renamed this option to -noenc; -nodes still works but is deprecated.)
  • -keyout - The file the new private key is written to.
  • -out - The file the certificate request is written to.
  • -subj - This sets the subject name for your request. This is why the "-new" flag above won't prompt you for values.

Using Your Output

Once you run the command, it creates two files: a .key file (your private key) and a .csr file. Submit only the .csr file to your Certificate Authority (CA); they will use it to issue a valid certificate (a .crt) for you. The .key file stays on your server, readable only by the account that needs it, and is never sent to anyone. Once the CA returns the .crt, you have your valid certificate!
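Before the .csr goes to the CA, it is worth confirming that it says what you think it says. The script below is an added example, not part of the original post: it runs the tutorial's command into a scratch directory and then reads the CN and the key size back out of the files, checks that the CSR really was made with the key next to it (the same public-key comparison tells you whether a certificate the CA returns belongs to your key), and checks the key file's permissions. It assumes the openssl command-line tool is installed; the file names and subject values are the tutorial's own, with the two-letter country code US.

```shell
#!/bin/sh
# Added example, not from the original post: run the tutorial's command into a
# scratch directory, then check the output before sending the CSR to the CA.
# Assumes the openssl command-line tool is installed.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SUBJECT="/C=US/ST=Florida/L=Orlando/O=Disney/OU=IT/CN=website.com"

# generate_key_and_csr KEYFILE CSRFILE SUBJECT
# The tutorial's command; -nodes leaves the key unencrypted, so lock the file down.
generate_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -out "$2" -keyout "$1" -subj "$3"
    chmod 600 "$1"
}

# key_bits KEYFILE -> prints the RSA modulus size, e.g. 2048
key_bits() {
    openssl pkey -in "$1" -noout -text \
        | sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# csr_common_name CSRFILE -> prints the CN exactly as the CA will see it
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

# pubkey_of FILE -> the public key in PEM, from a private key, a CSR or a certificate
pubkey_of() {
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$1"; then
        openssl req -in "$1" -noout -pubkey
    elif grep -q 'BEGIN CERTIFICATE' "$1"; then
        openssl x509 -in "$1" -noout -pubkey
    else
        openssl pkey -in "$1" -pubout
    fi
}

# same_key FILE1 FILE2 -> succeeds when both files carry the same public key
same_key() {
    [ "$(pubkey_of "$1")" = "$(pubkey_of "$2")" ]
}

# key_is_private KEYFILE -> succeeds when only the owner can read the key (mode 600)
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo run with the tutorial's file names.
KEY="$WORKDIR/JohnsNewKey.key"
CSR="$WORKDIR/myCSR.csr"
generate_key_and_csr "$KEY" "$CSR" "$SUBJECT"
echo "CN:   $(csr_common_name "$CSR")"
echo "bits: $(key_bits "$KEY")"
same_key "$KEY" "$CSR" && echo "CSR matches key"
key_is_private "$KEY" && echo "key permissions OK"
```

The checks are deliberately split into small functions so each can be dropped into a deployment script: a CSR whose CN does not match what you meant to order, or a key that was silently replaced, is far cheaper to catch here than after the CA has issued the certificate.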

Troubleshooting

Here are some quick answers to issues you may run into.

An SSL Common Name Mismatch

Your CN (website.com in our above example) MUST be exactly what your web address will be when you connect to the site. When a user types in your URL, the web browser checks that the domain name in the URL matches the domain name(s) listed in the certificate (its CN and, in modern browsers, its Subject Alternative Name entries). If there's a mismatch, the browser will display a warning message to the user. To avoid issues, you can update your certificate with a wildcard to cover multiple subdomains.
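The surest way to avoid this mismatch is to put every hostname the site answers to into the CSR's Subject Alternative Name, so the CA issues a certificate that lists all of them. The script below is an added example, not from the original post: it builds the same request as the tutorial but adds a subjectAltName extension, then reads the DNS names back out of the CSR so you can confirm a host is covered before you submit it. It assumes the openssl command-line tool is OpenSSL 1.1.1 or newer (the -addext option was introduced there); website.com is the tutorial's host and www.website.com is a constructed alias.

```shell
#!/bin/sh
# Added example, not from the original post: a CSR that lists every hostname
# in its Subject Alternative Name, plus a check that reads the names back.
# Assumes OpenSSL 1.1.1 or newer (for -addext).
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# generate_csr_with_san KEYFILE CSRFILE CN HOSTS
# HOSTS is a comma-separated list; each name becomes a DNS: entry in the SAN.
generate_csr_with_san() {
    san=$(printf '%s\n' "$4" | tr ',' '\n' | sed 's/^/DNS:/' | paste -sd, -)
    openssl req -new -newkey rsa:2048 -nodes -out "$2" -keyout "$1" \
        -subj "/C=US/ST=Florida/L=Orlando/O=Disney/OU=IT/CN=$3" \
        -addext "subjectAltName=$san"
    chmod 600 "$1"
}

# csr_dns_names CSRFILE -> prints each DNS name in the requested SAN, one per line
csr_dns_names() {
    openssl req -in "$1" -noout -text \
        | sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# csr_covers_host CSRFILE HOST -> succeeds when HOST is listed in the SAN
csr_covers_host() {
    csr_dns_names "$1" | grep -qxF "$2"
}

# Demo run: the bare domain and its www alias in one request.
KEY="$WORKDIR/JohnsNewKey.key"
CSR="$WORKDIR/myCSR.csr"
generate_csr_with_san "$KEY" "$CSR" website.com "website.com,www.website.com"
echo "names requested:"
csr_dns_names "$CSR"
csr_covers_host "$CSR" www.website.com && echo "www.website.com is covered"
csr_covers_host "$CSR" mail.website.com || echo "mail.website.com is NOT covered"
```

The CN is still set, because some CAs and older tooling expect one, but the SAN is what the browser's hostname check actually consults; any name you forget to list here will produce exactly the warning described above, no matter what the CN says.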

Error Loading Request Extension Section

This is caused by incorrect configuration or syntax in the request extension section of your openssl.cnf and can be resolved by checking the configuration settings and ensuring the correct syntax is used for extensions.

Unable to Create Certificate Request

This is typically due to syntax errors. Make sure you've spelled everything correctly, included all the necessary arguments, and supplied a value for every option that takes one.

Unable to write 'random state'

This is caused by an inability to write to the .rnd file due to environmental issues. You can fix this by adjusting permissions or specifying a different .rnd file location.

No Certificate Matches Private Key

This arises from a mismatch between the private key and the certificate. Make sure the private key corresponds to the correct certificate. Usually, it's best to just create one key and one certificate at a time so things don't get too messy.

Permission Denied

This is caused by insufficient permissions to read or write to a directory or file. You can resolve it by running the command with appropriate privileges or changing directory or file permissions. I usually run these commands while logged in as admin, where possible.

Problems Creating Certificate Request

This error is about as vague as it gets, but this usually happens due to syntax errors.

Algorithm Not Found

Make sure you're using a supported algorithm.

Configuration File Errors

This is caused by issues in the openssl.cnf configuration file, such as an incorrect path or syntax errors.

Cannot Open File for Writing

This can happen either because the file doesn't exist at the location you gave or because you do not have the correct permissions.

Incorrect Password or Passphrase

Make sure you're using the correct passphrase.

Unable to Load Config Info from /path/to/openssl.cnf

This happens when you've specified the wrong path or if you're missing config info (or files).

Error in Req

This occurs with syntax errors or invalid arguments.

Subject Does Not Start with '/'

Make sure the subject starts with '/' (without the quotes).
