Skip to main content

Posts

Showing posts with the label CSR Generation

Check CSR and Private Key are matching or not.

  If you are managing many of sites and their respective SSL certs, some times ,we come across a situation where we messed up with SSL certs and their CSR and private keys,   Where we do not know, which private key belongs to which Cert and which private key belongs to which CSR. This happen only if proper management of keeping SSL files are not in used  after all we are all human being ,who do mistakes :)  right ? so, here on this page I will tell you , how to check which cert belongs to which private key and which CSR belongs to which private key , and that is  only using openssl command on the terminal itself, after all we are love linux terminal :) So , here it is, openssl rsa -noout -modulus -in mydomain.key | openssl md5  openssl req -noout -modulus -in mydomain.csr | openssl md5 openssl x509 -noout -modulus -in domain.crt | openssl md5 If you find the output of all command identical ,high probability is that all files i.e private key ,csr and certificate are match

How to Generate CSR using Openssl in Linux

Before Generating CSR ,let see what is Openssl. It is nothing but a core library ,which is used for general purpose in cryptography,it is an open source product which work towards the implementation of SSL and TLS protocols. Talking about openssl, some people called the certificates generated from openssl as "self signed certificate". lets go towards now,creating CSR and private key using openssl command, Just log in to any of your Linux box and run following command as  root user  replacing the required information as per your need . [root@SVR home]#   openssl req -new -newkey  rsa:2048 -nodes -sha256 -out domain_name.csr -keyout domain_name.key -subj "/C=US/ST=state/L=locality/O=organization/OU=organization unit Dept/CN=www.domain.com"  You will get output like : Then check whether ,all the information we have entered ,while creating CSR is proper ,by decoding the CSR from some online tool. First do the cat to the csr file [root@SVR home]#  cat