Fedora 31
Sponsored Link

Create SSL Certificate (Self-Signed)
2019/11/12
  Create Self Signed SSL Certificate by yourself. It had beeter to use Self Signed Certificate on the environment for the purpose of testing, develomement, and so on, not recommended to use on production System.
[root@dlp ~]#
cd /etc/pki/tls/certs

[root@dlp certs]#
openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus
.+++
.............+++
e is 65537 (0x010001)
Enter pass phrase:                  # set passphrase
Verifying - Enter pass phrase:      # confirm

# remove passphrase from private key

[root@dlp certs]#
openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:   # input passphrase
writing RSA key

[root@dlp certs]#
openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP   # country code
State or Province Name (full name) []:Hiroshima    # state
Locality Name (eg, city) [Default City]:Hiroshima  # city
Organization Name (eg, company) [Default Company Ltd]:GTS  # company
Organizational Unit Name (eg, section) []:Server World     # department
Common Name (eg, your name or your server's hostname) []:dlp.srv.world  # server's FQDN
Email Address []:root@srv.world   # admin email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# create certificate with 10 years expiration date

[root@dlp certs]#
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok
subject=C = JP, ST = Hiroshima, L = Hiroshima, O = GTS, OU = Server World, CN = dlp.srv.world, emailAddress = root@srv.world
Getting Private key
[root@dlp certs]#
chmod 600 server.key

[root@dlp certs]#
ll server.*

-rw-r--r--. 1 root root 1334 Nov 11 19:51 server.crt
-rw-r--r--. 1 root root 1062 Nov 11 19:51 server.csr
-rw-------. 1 root root 1675 Nov 11 19:50 server.key
Matched Content