SSL Cert Generation
One of the easiest ways to generate SSL certs is with
certbotwhich leveragesletsencrypt
Generate your Certs
certbot certonly --manual -d mydomain.com
SSL Overview
This command will generate four files in:
/etc/letsencrypt/live/mydomain.comprivkey,pem
This is the key file, a.k.a. your private key
Sometimes also named as
cert.keyormydomain.com.key
fullchain.pem
This is your
crtfileAlso sometimes named
mydomain.crt
bundle.pem
Contains all the certificates
Would be created with
cat fullchain.pem privkey.pem > bundle.pem
cert.pem
This file contains only your certificate
Can only be used by itself if the browser already has the certificate which signed it
May work in testing, don't use in production
chain.pem
Intermediary signed authority, signed by the root authority
All browsers are guaranteed to have in their pre-built cache.
Openssl Generate Certs
Use openssl to generate your own self signed cert
Generate a new private key and Certificate Signing Request
Generate a certificate signing request (CSR) for an existing private key
Generate a certificate signing request based on an existing certificate
Remove a passphrase from a private key
Checking Certs
You can inspect the cert like this:
Check a Certificate Signing Request (CSR)
Check a private key
Check a certificate
Check a PKCS#12 file (.pfx or .p12)
Last updated