How to use Openssl for different tasks
To generate custom CSR
- Create your private key:
openssl genpkey -algorithm RSA -out ssl-private.key -pkeyopt rsa_keygen_bits:4096- Create a file called openssl.cnf with the below config:
[req]
default_bits = 4096
default_keyfile = ssl-private.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
encrypt_key = no
prompt = no
[req_distinguished_name]
countryName = <HU>
stateOrProvinceName = <Pest>
localityName = <Budapest>
organizationName = <Homelab>
commonName = <yourcn>
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = <short-dns>
DNS.2 = <fqdn>
IP.1 = <IP-address>- Generate CSR with the below command:
openssl req -new -key ssl-private.key -out ssl-public.csr -config openssl.cnfTo convert certs to base64 strings (k8s yml compatible)
openssl base64 -A < ssl-public.cer > ssl-public.cer.base64Here the -A option removes all newlines (\n) from the file, making it one single line
To convert private-key and cert to a single .pfx file
openssl pkcs12 -export -out combined.pfx -inkey ssl-private.key -in certificate.crtLast updated on