Generating a certificate via OpenSSL
Instructions to generate certificates with openSSL can also be found documented here, on our support site.
To generate a CSR (Certificate Signing Request), open a terminal that has the openssl package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation:
1. Generate a **private** key for your server CA (Certificate Authority):
$ openssl genrsa -des3 -out ca.key 4096
2. Create a certificate file using the generated CA private key:
$ openssl req -new -x509 -days 3650 -key ca.key -out ca_file
3. Create a **private** key for your new SSL certificate:
$ openssl genrsa -des3 -out server.key 2048
4.Create certificate signing request (CSR) for your SSL certificate:
$ openssl req -new -key server.key -out server.csr
5. Sign the CSR we created above with our CA key, and export the signed x509 certificate:
$ openssl x509 -req -days 365 -in server.csr -CA ca_file -CAkey ca.key -set_serial 01 -out cert_file
6. Export the private key file in the correct format:
$ openssl rsa -in server.key -out key_file
Adding a new certificate is easy; See add a new certificate via appliance manager instructions here.
Generating non-production CSRs
WARNING! You should most likely use the OpenSSL method outlined ABOVE! Use the following online generator at your own risk, and ONLY for NON-PRODUCTION purposes. A ‘Private’ key generated by this link [or any third party] is, by definition, NOT private!!
If you need to quickly generate a non-production Certificate Signing Request (CSR), you can use this online CSR generator at your own risk: CSR Generator