@lovellfelix
Last active February 6, 2020 18:17
OpenSSL Helpers
# Verify openssl is installed
rpm -qa | grep -i openssl
#If it's not installed
yum install openssl openssl-devel
#Generate RSA key
openssl genrsa -out domain.com.key 2048
#Create CSR
openssl req -new -sha256 -key domain.com.key -out domain.com.csr
# Verify CSR
openssl req -noout -text -in domain.com.csr
# Generate self-signed certificate
openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key -out domain.com.crt
#Verify Certificate
openssl x509 -in domain.name.crt -text -noout
#Export pfx with crt and key
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
# (Optional with Chain)
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -certfile domain.name.chain.crt
#Verify PFX
openssl pkcs12 -info -in domain.name.pfx
#Export private key from pfx
openssl pkcs12 -in domain.name.pfx -nocerts -out domain.com.key
#Export certificate from pfx
openssl pkcs12 -in domain.name.pfx -clcerts -nokeys -out domain.name.crt
# Export PEM from PFX (-nodes writes the private key unencrypted)
openssl pkcs12 -in domain.name.pfx -out domain.name.pem -nodes
#Remove pass phrase from key
openssl rsa -in domain.name.key -out domain.name.key_nopass
# Create PEM file from existing key and certificate files that form a chain
cat domain.name.key > domain.name.pem
cat domain.name.crt >> domain.name.pem
##OPTIONAL - with Intermediate chain
cat intermediate.crt >> domain.name.pem
# Compare MD5 hashes of the modulus to ensure the cert matches the private key and CSR
openssl x509 -noout -modulus -in domain.name.crt | openssl md5
openssl rsa -noout -modulus -in domain.name.key | openssl md5
openssl req -noout -modulus -in domain.name.csr | openssl md5
#Installation on APACHE
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /path/to/htdocs
SSLEngine ON
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
#SSLCertificateChainFile /etc/pki/tls/certs/domain.com-chain.crt
ErrorLog logs/ssl.domain.com.error_log
CustomLog logs/ssl.domain.com.access_log combined
</VirtualHost>
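
The modulus comparison from the hash-check step above, wrapped into a reusable check together with a prompt-free run of the key, CSR and self-signed certificate steps. This is an added example, not part of the original gist: it hashes with SHA-256 instead of MD5, passes `-subj` so the CSR step needs no input, and the function names, file names and `example.test` subjects are constructed.

```shell
#!/bin/sh
# Added example, not from the original gist. All names below are constructed.

# Run the gist's key -> CSR -> self-signed certificate steps without prompts.
# $1 = output directory, $2 = base file name, $3 = subject common name
make_selfsigned() (
    umask 077   # keep the private key readable by its owner only
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/$2.key" -subj "/CN=$3" -out "$1/$2.csr" &&
    openssl x509 -req -days 365 -in "$1/$2.csr" -signkey "$1/$2.key" \
        -out "$1/$2.crt" 2>/dev/null
)

# Print the SHA-256 digest of the RSA modulus. $1 = key|csr|crt, $2 = path
modulus_digest() {
    case "$1" in
        key) _m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        csr) _m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        crt) _m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    # An unreadable file must not silently hash as an empty string.
    [ -n "$_m" ] || return 1
    printf '%s' "$_m" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only when key, CSR and certificate carry the same modulus.
pair_matches() {
    _k=$(modulus_digest key "$1") || return 1
    _c=$(modulus_digest csr "$2") || return 1
    _x=$(modulus_digest crt "$3") || return 1
    [ "$_k" = "$_c" ] && [ "$_k" = "$_x" ]
}

# Demo on constructed names: a's files match, b's key does not fit a's cert.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" a a.example.test || return 1
    make_selfsigned "$d" b b.example.test || return 1
    pair_matches "$d/a.key" "$d/a.csr" "$d/a.crt" && echo "a: all three match"
    pair_matches "$d/b.key" "$d/a.csr" "$d/a.crt" || echo "b.key does not fit a.crt"
    rm -rf "$d"
}
```

Source the file and run `demo`, or call `pair_matches` on real files before installing a certificate. The check applies to RSA keys only, since other key types have no modulus.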