Generating a certificate via OpenSSL
Instructions to generate certificates with openSSL can also be found documented here, on our support site.
To generate a CSR (Certificate Signing Request), open a terminal that has the openssl package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation:
1. Generate a **private** key for your server CA (Certificate Authority): $ openssl genrsa -des3 -out ca.key 4096 2. Create a certificate file using the generated CA private key: $ openssl req -new -x509 -days 3650 -key ca.key -out ca_file 3. Create a **private** key for your new SSL certificate: $ openssl genrsa -des3 -out server.key 2048 4.Create certificate signing request (CSR) for your SSL certificate: $ openssl req -new -key server.key -out server.csr 5. Sign the CSR we created above with our CA key, and export the signed x509 certificate: $ openssl x509 -req -days 365 -in server.csr -CA ca_file -CAkey ca.key -set_serial 01 -out cert_file 6. Export the private key file in the correct format: $ openssl rsa -in server.key -out key_file
Adding a new certificate is easy; See add a new certificate via appliance manager instructions here.
Generating non-production CSRs
WARNING! You should most likely use the OpenSSL method outlined ABOVE! Use the following online generator at your own risk, and ONLY for NON-PRODUCTION purposes. A ‘Private’ key generated by this link [or any third party] is, by definition, NOT private!!
If you need to quickly generate a non-production Certificate Signing Request (CSR), you can use this online CSR generator at your own risk: CSR Generator