Creating TLS Certificates
Installing a custom private key and local certificate on ProSBC
See the Web Portal configuration documentation.
Use ProSBC (or Linux) shell to manipulate certificates
You can use ProSBC's shell (or the shell of most Linux hosts, as long as OpenSSL is installed) to create and view private keys, certificates and CSRs (certificate signing requests).
Create new private key
openssl genrsa -aes256 -out MY_PRIVATE_KEY.pem 2048
You will be prompted to enter a pass phrase:
Generating RSA private key, 2048 bit long modulus
.....................+++
..............................+++
e is 65537 (0x10001)
Enter pass phrase for MY_PRIVATE_KEY.pem:
Verifying - Enter pass phrase for MY_PRIVATE_KEY.pem:
Resulting file:
-rw-r--r-- 1 root root 1704 Mar 14 09:15 MY_PRIVATE_KEY.pem
Create a self-signed certificate from a private key
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout MY_PRIVATE_KEY.pem -out MY_CERTIFICATE.crt
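This command generates a new 2048-bit RSA key, writes it unencrypted (-nodes) to MY_PRIVATE_KEY.pem, replacing any existing file of that name, and creates the certificate from it. You will be prompted to answer questions regarding the certificate: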
Generating a 2048 bit RSA private key
.........................................................+++
........................................................................................................................................................................................+++
writing new private key to 'MY_PRIVATE_KEY.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:Quebec
Locality Name (eg, city) [Default City]:Boucherville
Organization Name (eg, company) [Default Company Ltd]:TelcoBridges
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:MySBC
Email Address []:support@telcobridges.com
Resulting files:
-rw-r--r-- 1 root root 1415 Mar 14 09:15 MY_CERTIFICATE.crt
-rw-r--r-- 1 root root 1751 Mar 14 09:14 MY_PRIVATE_KEY.pem
Create a CSR (certificate signing request) from a private key
openssl req -new -key MY_PRIVATE_KEY.pem -out MY_CSR.csr
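You will be prompted to answer questions regarding the certificate. Note that the challenge password is stored unencrypted in the CSR and is visible to anyone who can read the file: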
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:Quebec
Locality Name (eg, city) [Default City]:Boucherville
Organization Name (eg, company) [Default Company Ltd]:TelcoBridges
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:MySBC
Email Address []:support@telcobridges.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:my_password
An optional company name []:TelcoBridges
Resulting files:
-rw-r--r-- 1 root root 1127 Mar 14 09:20 MY_CSR.csr
View the contents of the certificate
openssl x509 -noout -text -in MY_CERTIFICATE.crt
Resulting output:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f3:fc:c5:72:ea:a9:50:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CA, ST=Quebec, L=Boucherville, O=TelcoBridges, CN=MySBC/emailAddress=support@telcobridges.com
Validity
Not Before: Mar 14 13:15:53 2019 GMT
Not After : Mar 13 13:15:53 2020 GMT
Subject: C=CA, ST=Quebec, L=Boucherville, O=TelcoBridges, CN=MySBC/emailAddress=support@telcobridges.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:dc:38:85:9f:75:ce:cf:7c:3b:60:20:11:d1:47:
00:39:6e:10:5c:3b:72:6e:26:09:70:7a:df:14:b3:
f4:60:fb:0d:73:69:a9:4c:4f:a0:34:12:83:1a:9b:
ce:f0:61:59:bd:f1:fb:a3:cb:84:be:a5:3b:86:e5:
e0:66:82:53:fd:69:c3:f1:cf:85:73:2d:30:a9:a5:
82:4e:e2:0f:20:de:88:9d:7a:42:d3:19:7b:09:08:
68:75:c4:36:46:23:f2:c6:05:49:e6:79:06:ce:f8:
9f:66:11:ad:e3:41:6c:f5:cb:df:3a:a4:77:a3:b3:
9b:55:f4:fc:5a:5a:c1:ae:c5:5d:0b:de:b1:1a:bc:
3d:02:b9:0c:5d:d8:57:33:66:b2:a8:c0:c2:74:16:
20:32:63:0f:8b:8f:aa:f4:aa:bc:8a:12:1b:54:e1:
87:c7:10:79:ea:1d:f3:e2:4b:b3:b5:70:d5:ec:27:
24:d3:f2:37:20:7e:f7:2c:69:21:63:50:4a:fe:a2:
98:4f:bc:c8:4b:3c:74:68:95:8e:0a:0b:42:39:d3:
cb:88:1d:55:c1:e1:61:f3:b0:64:42:6f:ec:c5:6f:
8f:f8:1c:a8:d9:5b:fc:d7:54:91:3b:0a:c4:1a:82:
d1:96:11:ca:16:b8:44:f0:48:3a:1e:e4:78:d0:14:
f5:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:DA:43:3C:BC:E6:B1:8B:E7:B4:1C:AB:39:14:66:72:F5:C2:D6:25
X509v3 Authority Key Identifier:
keyid:9C:DA:43:3C:BC:E6:B1:8B:E7:B4:1C:AB:39:14:66:72:F5:C2:D6:25
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
4c:96:41:e8:ff:d8:79:e0:db:22:ec:a2:10:1b:c0:88:f3:83:
60:b1:2d:91:06:15:a4:96:4a:9a:fb:3c:39:a4:48:04:a9:55:
1b:b5:c2:c8:08:e0:70:d7:03:c5:e1:1d:f7:0c:3d:38:49:aa:
9b:85:1f:d2:6b:61:f5:10:9a:c7:0a:ff:34:a4:e9:d5:0b:cd:
2a:90:84:07:ac:74:7f:d9:e1:dd:33:dd:ae:8c:5a:61:ec:20:
d3:6e:7c:e5:be:46:94:b4:bc:da:54:80:12:28:5b:12:80:a1:
ad:86:6a:f9:dc:1f:f8:a5:cb:ab:2a:30:5d:f8:19:9f:e8:82:
9b:32:b7:cc:d5:f9:7d:3b:35:51:8b:a5:39:e3:71:84:37:09:
20:e0:d9:6c:6f:37:76:49:3a:01:ea:ce:8b:71:74:fe:29:2c:
84:3d:3b:9e:6c:50:64:53:36:90:6e:49:ce:40:fd:80:c7:25:
31:d5:49:42:0f:c7:37:9a:9e:99:6b:37:3e:9a:71:a7:a2:87:
19:1d:a3:44:48:b8:c3:65:c1:55:b2:0c:57:e8:0f:a6:f2:a5:
b4:d3:50:04:fe:fd:86:2c:c2:0a:c2:20:aa:81:26:48:34:3a:
3d:a6:2e:1b:eb:d7:b9:f1:a2:ad:7a:42:37:81:63:02:ac:3b:
e6:01:6b:10
View the signing request of a certificate (CSR)
openssl req -text -noout -verify -in MY_CSR.csr
Resulting output:
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=CA, ST=Quebec, L=Boucherville, O=TelcoBridges, CN=MySBC/emailAddress=support@telcobridges.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:dc:38:85:9f:75:ce:cf:7c:3b:60:20:11:d1:47:
00:39:6e:10:5c:3b:72:6e:26:09:70:7a:df:14:b3:
f4:60:fb:0d:73:69:a9:4c:4f:a0:34:12:83:1a:9b:
ce:f0:61:59:bd:f1:fb:a3:cb:84:be:a5:3b:86:e5:
e0:66:82:53:fd:69:c3:f1:cf:85:73:2d:30:a9:a5:
82:4e:e2:0f:20:de:88:9d:7a:42:d3:19:7b:09:08:
68:75:c4:36:46:23:f2:c6:05:49:e6:79:06:ce:f8:
9f:66:11:ad:e3:41:6c:f5:cb:df:3a:a4:77:a3:b3:
9b:55:f4:fc:5a:5a:c1:ae:c5:5d:0b:de:b1:1a:bc:
3d:02:b9:0c:5d:d8:57:33:66:b2:a8:c0:c2:74:16:
20:32:63:0f:8b:8f:aa:f4:aa:bc:8a:12:1b:54:e1:
87:c7:10:79:ea:1d:f3:e2:4b:b3:b5:70:d5:ec:27:
24:d3:f2:37:20:7e:f7:2c:69:21:63:50:4a:fe:a2:
98:4f:bc:c8:4b:3c:74:68:95:8e:0a:0b:42:39:d3:
cb:88:1d:55:c1:e1:61:f3:b0:64:42:6f:ec:c5:6f:
8f:f8:1c:a8:d9:5b:fc:d7:54:91:3b:0a:c4:1a:82:
d1:96:11:ca:16:b8:44:f0:48:3a:1e:e4:78:d0:14:
f5:1d
Exponent: 65537 (0x10001)
Attributes:
challengePassword :my_password
unstructuredName :TelcoBridges
Signature Algorithm: sha256WithRSAEncryption
85:98:17:25:45:42:f6:44:f0:51:ca:42:32:92:e6:0e:a6:9d:
59:73:1c:82:c6:9b:c1:b7:17:00:77:f3:42:52:86:d6:08:a8:
30:99:02:41:c6:c2:22:b2:98:b9:f7:83:b9:b0:ab:5b:59:95:
9c:32:3b:9b:15:1c:4c:90:d1:bb:cf:fb:85:c4:5d:df:df:9e:
18:1b:f8:5b:b5:68:60:0f:d8:c6:5d:29:0c:54:b3:63:88:0c:
05:59:34:ad:c0:11:5b:e9:fb:e8:8c:c1:b5:5f:83:60:78:05:
b7:7e:66:d7:1a:59:5a:2e:b3:9c:c2:38:68:29:bf:44:51:da:
c9:2b:c3:f1:47:3c:d4:ce:4a:b2:8f:7d:6a:72:46:13:a8:97:
18:7e:bf:b0:33:14:ee:61:ed:94:c6:c0:19:92:14:2d:a0:8c:
b1:a2:c1:61:40:62:90:7c:64:09:52:ec:b6:fd:cb:fe:56:3f:
6e:de:e3:38:93:ee:e4:26:33:59:6c:3f:4f:36:87:de:96:4d:
c4:bd:ce:35:b2:79:16:38:f5:84:c8:ce:4a:27:11:6b:4b:0d:
9b:9f:dd:63:87:ca:23:12:8c:64:3b:c7:f0:46:e8:bd:e0:e7:
35:9d:b9:fb:aa:60:e2:48:8f:9b:6b:fb:69:2f:a5:7c:94:5a:
70:4d:a6:d1
Check that a certificate and a CSR match the private key
openssl x509 -noout -modulus -in MY_CERTIFICATE.crt | openssl md5
openssl rsa -noout -modulus -in MY_PRIVATE_KEY.pem | openssl md5
openssl req -noout -modulus -in MY_CSR.csr | openssl md5
All 3 commands should display the same MD5 hash:
(stdin)= 41c46eddc15580673fe4adb8f5255634
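The steps above as a non-interactive script, added here as an example (it is not TelcoBridges' own code). It goes slightly beyond the page: the certificate and CSR are both built from one existing key with -key, and the match check compares a SHA-256 digest of the public key rather than an MD5 of the RSA modulus, so it also works for non-RSA keys. The subject string and the function names are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive form of the steps above, with a match check.
# File names follow the page; SUBJ and the function names are assumptions.
# Keys are written unencrypted, as with -nodes on the page.
SUBJ="/C=CA/ST=Quebec/L=Boucherville/O=TelcoBridges/CN=MySBC"

# Create key, self-signed certificate and CSR in directory $1 from ONE key.
# umask 077 keeps the new files readable by their owner only.
make_materials() {
    ( umask 077; cd "$1" || exit 1
      openssl genrsa -out MY_PRIVATE_KEY.pem 2048 2>/dev/null &&
      openssl req -x509 -sha256 -days 365 -key MY_PRIVATE_KEY.pem \
          -subj "$SUBJ" -out MY_CERTIFICATE.crt &&
      openssl req -new -key MY_PRIVATE_KEY.pem -subj "$SUBJ" -out MY_CSR.csr )
}

# Print the SHA-256 digest of the public key held by a key, cert or CSR.
# $1 = key|cert|csr, $2 = file. Fails if the file cannot be parsed, so two
# unreadable inputs can never compare equal.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when the three files in directory $1 carry the same public key.
check_match() {
    k=$(pubkey_digest key  "$1/MY_PRIVATE_KEY.pem") || return 1
    c=$(pubkey_digest cert "$1/MY_CERTIFICATE.crt") || return 1
    r=$(pubkey_digest csr  "$1/MY_CSR.csr")         || return 1
    [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

demo_dir=$(mktemp -d)
make_materials "$demo_dir" && check_match "$demo_dir" &&
    echo "key, certificate and CSR match"
rm -rf "$demo_dir"
```

Regenerating MY_PRIVATE_KEY.pem after the certificate or CSR exists makes check_match fail, which is the mismatch this check is meant to catch before the files are installed.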