1. Dave Member

    Using openssl to Issuing a certificate

    Topic posted on: 12-08-2015 at 10:41


    Having purchased a wild card certificate for a given domain eg *.foobar.co.uk

    I wanted to be able to issue certificate for the machine super.foobar.co.uk since the wild card certificate is for anything in the doman foobar.co.uk

    I am trying to do this with openssl under linix[ubuntu], most of the scripts I have seen on the internet assume you either want to generate a self signed certificate, or you want to set up your own certificate authority and wish to issue certificates based on this certificate authority. The requirements for setting up a certificate authority is a valid signed certificate and the private key for this certificate. The private key is not supply with the product from versio.

    I have already used update-ca-certificates to load the *.foobar.co.uk certificate

    Q. How do I issue a certificate for my domain using my existing openssl ?

    Q, If its necessary for me to set up a certificate authority, how do I get a copy of the 'private key' for my existing certificate ?

  2. Wesley Member
    Reply posted on: 12-08-2015 at 17:06

    Hi Dave,

    1) You can create a CSR with the following command on the commandline from your server "openssl req -nodes -newkey rsa:2048 -keyout wildc_foobar_co_uk.key -out wildc_foobar_co_uk.csr"

    You need the CSR to issue a new certificate.

    2) You don't need to setup a own certificate authority.

    Was this reply useful to you?

  3. Dave Member
    Reply posted on: 15-08-2015 at 21:04

    Hi Wesley

    The command you quoted generates a csr and key file

    But how do I generate the certificate ?

    I did try
    openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

    But this results in a self signed certificate ! It wanted to be able to use the wild card certificate I purchased from version

    I had assumed that the wild card in in the enabled you to do this sort of thing.

    Was this reply useful to you?

  4. Gerald Versio staff
    Reply posted on: 28-10-2015 at 19:57

    After you have created the CSR you can purchase the SSL certificate. During the order you will have to fill the CSR code. After the order your Domain will be validated and the SSL certificate will be delivered to your mailbox.

    Was this reply useful to you?