Skip to main content

Install Self Signed Certificate for a domain for 10 years


Things that you need to install the certificate:

  • Key
  • CSR (Certificate Signing Request)
  • Certificate
Here we can create these files  with the openssl command. This can be done from any where. It is not necessary that we need to do this commands in the server itself where the domains hosted. I usually do this in my locale machine.

My example domain is myxyz.com

Creating the Key

############


# openssl genrsa -out myxyz-key.pem 2048

Note: Here if we want to create a more secure key then replace 2048 with 4096

Here we can give any name for the key file, but the only thing is that the extension should be .pem

Creating the CSR

############

# openssl req -new -sha256 -key myxyz-key.pem -out myxyz.csr

Note: Here we need to give the key filename after the -key option.
This command will create a CSR file named myxyz.csr

This command will ask for few options and you can see what I have given for a test case.
 ====================================
jino@localhost4:~$ openssl req -new -sha256 -key myxyz-key.pem -out myxyz.csr  
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arizona
Locality Name (eg, city) []:Arizona
Organization Name (eg, company) [Internet Widgits Pty Ltd]:myxyz   
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:myxyz.com
Email Address []:admin@myxyz.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
=====================================

Creating the Certificate

################

# openssl req -x509 -sha256 -days 365 -key myxyz-key.pem -in myxyz.csr -out myxyz-certificate.pem

Note: Here -days specifies the period of certificate that we are creating. If you want to create the certificate for 10 Years you have to give that value as 3650


Installing the Certificate

#################


Go to Cpanel
  1. From the SSL/TLS Manager page, under Install and Manage SSL for your site (HTTPS), click Manage SSL sites. The Manage SSL Hosts page appears.
  2. Under Install an SSL Website, Select your domain from the drop down box
  3. Copy paste contents of myxyz-certificate.pem to the box under the "Certificate: (CRT)"
  4. Copy paste the contents of myxyz-key.pem to the box under the "Private Key (KEY)"
  5. Click Install Certificate. cPanel installs the certificate on the server and enables SSL. When the process is complete, you receive an SSL Host Successfully Installed message.

Comments

Post a Comment

Popular posts from this blog

K8s External Secrets integration between AWS EKS and Secrets Manager(SM) using IAM Role.

What is K8s External Secrets and how it will make your life easier? Before saying about External Secrets we will say about k8s secrets and how it will work. In k8s secrets we will create key value pairs of the secrets and set this as either pod env variables or mount them as volumes to pods. For more details about k8s secrets you can check my blog http://jinojoseph.blogspot.com/2020/08/k8s-secrets-explained.html   So in this case if developers wants to change the ENV variables , then we have to edit the k8s manifest yaml file, then we have to apply the new files to the deployment. This is a tiresome process and also chances of applying to the wrong context is high if you have multiple k8s clusters for dev / stage and Prod deployments. So in-order to make this easy , we can add all the secrets that is needed in the deployment, in the AWS Secret Manager and with the help of External secrets we can fetch and create those secrets in the k8s cluster. So what is K8s external Secret? It i...
Post a Comment
Read more

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Setting /etc/hosts entries during the initial deployment of an Application using k8s yaml file

Some times we have to enter specific hosts file entries to the container running inside the POD of a kubernetes deployment during the initial deployment stage itself. If these entries are not in place, the application env variables mentioned in the yaml file , as hostnames , will not resolve to the IP address and the application will not start properly. So to make sure the /etc/hosts file entries are already there after the spin up of the POD you can add the below entries in your yaml file. cat > api-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: spec:   template:     metadata:     spec:       volumes:       containers:       - image: registryserver.jinojoseph.com:5000/jinojosephimage:v1.13         lifecycle:           postStart:             exec:               command:...
Post a Comment
Read more