OpenSSL commands for certificate generation

Openssl is a command line tool used to generate certificates which will be used for opensource webservers like Apache and appservers like tomcat.

Most Linux/Unix platform will have openssl installed.

Check openssl is installed by issuing the command
openssl version.Below is the output.

[}$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

To set up a SSL we need
1.private key
2.certificate request to send to CA
3.Get the certificate from CA via email.

openssl genrsa -des3 -out test.key 2048

The above command has genrsa which is to use RSA algorithm.des3 which is triple DES  algorithm  to encrypt passphrase and 2048 is the bit size.

openssl genrsa -aes128 -out test.key 2048 

In the above command mentioned aes algorithm  to use for key protection  if you dont want des3.
There are many websites to give the command you dont have to remember the command. 

2.Generate CSR.

CSR is the one where  you will provide your website information which will be used by CA to generate the certificate.

openssl req -new -key test.key -out test.csr
Once you type the command it will ask for passphrase and some other info like country ,state,email and common name.

To skip typing these either you can put the config in cnf file or put the details in the command itself.

[req]
prompt = no
distinguished_name = distinguished_name

[distinguished_name]
CN = www.test.com
emailAddress = test@test.com
O = Test Ltd
L = London
C = GB 

Place the above line in a file called test.cnf and issue the command below
openssl req -new -key test.key -out test.csr -config test.cnf
it will only ask for passphrase of the private key since other details are already mentioned in the cnf file.

The above example is for single domain.For multi domain you have to configure subject alternative name (SAN) in the cnf file with v3 extensions.

Once the csr is generated open the file with text editor and copy the content fully and paste it in any CA site you wish.