Skip to main content

Certification authority and applying certificate to your domain

Generating a Certificate Signing Request and applying the certificate is  very frequent. Some companies require 2048 bit signatures. The following steps will create certificates with 2048 bit and later apply to relevant httpd (apache) server.

Certificate Hierarchy

Creating a CSR


Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:Croydon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My company
Organizational Unit Name (eg, section) []
Common Name (eg, YOUR name) []
Email Address []:

Things to remember

  • In most cases, ensure "Email address is left blank". But consult your certificate signing authority on this.
  • Ensure "Common Name" matches exactly the "ServerName" specified in your httpd.conf (or httpd/conf/extra/httpd-ssl.conf)

Actual Creation

Below creates CSR with 2048 bit
# CSR Key generation
# Generate a new private key and a new csr, using the default bit length.
 openssl req -new -keyout <NEWKEYFILE> -out <NEWCSRFILE>

# Generate a new rsa 2048 key and a new CSR, using a bit length of 1024 (or other specified length).
 openssl req -newkey rsa:2048 -keyout <NEWKEYFILE> -out <NEWCSRFILE>

# Generate a CSR based on an existing key, you'll need to know the key's passphrase. The CSR bit length is the same as the key that was used to create it.
 openssl req -out <NEWCSRFILE> -key <PROVKEYFILE> -new

# Check a private key bit length, you'll need to know the key's passphrase.
 openssl rsa -in 2048.key -text -noout

# Check a CSR bit length.
 openssl req -in <CSRFILENAME> -text -noout | grep bit

Once you receive the .csr or .crt file from the authority, you need to apply this to your web-application.
openssl, all the subcommands are listed and linked to from this man page.

subcommand "req" help:

subcommand "genrsa" help:

subcommand "rsa" help:

Also remember to apply this to your java keystore if you are using Tomcat
#####   Suppose your java location is : /usr/java6_64/
sudo su - -c /usr/java6_64/bin/keytool -import -trustcacerts -file ${certificateFile} -keystore /usr/java6_64/jre/lib/security/cacerts -alias ${certificateElias}

If you find any Errors, do check my previous post

OpenSSL Examples

A great document is kept here

View certificates details

openssl x509 -in filename.crt -noout -text

Popular posts from this blog

Create your own Passport Photo using GIMP

This tutorial is for semi-techies who knows a bit of GIMP (image editing).   This tutorial is for UK style passport photo ( 45mm x 35 mm ) which is widely used in UK, Australia, New Zealand, India etc.  This is a quick and easy process and one can create Passport photos at home If you are non-technical, use this link   .  If you want to create United States (USA) Passport photo or Overseas Citizen of India (OCI) photo, please follow this link How to Make your own Passport Photo - Prerequisite GIMP - One of the best image editing tools and its completely Free USB stick or any memory device to store and take to nearby shop A quality Digital camera Local Shops where you can print. Normally it costs (£0.15 or 25 US cents) to print 8 photos Steps (Video Tutorial attached blow of this page) Ask one of your colleague to take a photo  of you with a light background. Further details of how to take a photo  yourself       Take multiple pictures so that you can choose from th

Syslog Standards: A simple Comparison between RFC3164 & RFC5424

Syslog Standards: A simple Comparison between RFC3164 (old format) & RFC5424 (new format) Though syslog standards have been for quite long time, lot of people still doesn't understand the formats in detail. The original standard document is quite lengthy to read and purpose of this article is to explain with examples Some of things you might need to understand The RFC standards can be used in any syslog daemon (syslog-ng, rsyslog etc.) Always try to capture the data in these standards. Especially when you have log aggregation like Splunk or Elastic, these templates are built-in which makes your life simple. Syslog can work with both UDP & TCP  Link to the documents the original BSD format ( RFC3164 ) the “new” format ( RFC5424 ) RFC3164 (the old format) RFC3164 originated from combining multiple implementations (Year 2001)

VS Code & Portable GIT shell integration in Windows

Visual Studio Code & GIT Portable shell Integration Summary Many of your corporate laptop cannot install programs and it is quite good to have them as portable executables. Here we find a way to have Portable VS Code and Portable GIT and integrate the GIT shell into VS Code Pre-Reqs VS Code (Install version or Portable ) GIT portable Steps Create a directory in your Windows device (eg:  C:\installables\ ) Unpack GIT portable into the above directory (eg it becomes: C:\installables\PortableGit ) Now unpack Visual Studio (VS) Code and run it. The default shell would be windows based Update User or Workspace settings of VS Code (ShortCut is:  Control+Shift+p ) Update the settings with following setting { "workbench.colorTheme": "Default Dark+", "git.ignoreMissingGitWarning": true, "git.enabled": true, "git.path": "C:\\installables\\PortableGit\\bin\\git.exe", ""