Generating a new self-signed SSL certificate

openssl req \
    -newkey rsa:2048 \
    -x509 \
    -nodes \
    -keyout TLS.key \
    -new \
    -out TLS.cert \
    -subj /CN=<Issuer> \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf '[SAN]\nsubjectAltName=DNS:<HOST_NAME>,IP:<IP_ADDRESS>')) \
    -sha256 \
    -days <EXPIRY_IN_DAYS>
  • Change <Issuer> to a name of your choice. The certificate is self-signed, so this CN is both subject and issuer. Browsers ignore the CN for host-name matching; every name the server is reached by must appear in the subjectAltName list.
  • Add as many DNS:<HOST_NAME> and IP:<IP_ADDRESS> entries as you need, comma-separated. Addresses go in IP: entries, not DNS: entries.
  • Change <EXPIRY_IN_DAYS> to the number of days the certificate should be valid for. Keep it at 825 or fewer if macOS or iOS clients need to trust it; they reject TLS server certificates with a longer validity period.
  • The <( … ) process substitutions need bash or zsh. Under plain sh, write the combined config to a file and pass that with -config.
  • -nodes writes TLS.key unencrypted. Create it under a restrictive umask (077) and keep it readable only by the service that uses it.
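The command above generates the certificate but leaves verification to the reader. The script below is an added example, not code from the original page: it does the same job from a private config file (so nothing is inherited from /etc/ssl/openssl.cnf), builds the SAN list from its arguments, and then runs the checks worth doing before the file is imported anywhere: the SAN entries, that key and certificate belong together, that the certificate validates for each name with itself as the only trust anchor, and that it is not close to expiry. The host names, addresses, output paths and function names are placeholders of this example; it needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not part of the original page. Generates a self-signed
# server certificate with a SAN list built from the arguments and checks the
# result before it is trusted anywhere. Needs OpenSSL 1.1.1 or newer.
# Names, addresses and paths used here are placeholders.
set -eu

# is_ip NAME : succeed when NAME is an IPv4 or IPv6 literal. Addresses must
# become IP: SAN entries; a DNS: entry holding an address does not match.
is_ip() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f.]*:[0-9A-Fa-f.:]*$'
}

# san_list NAME... : print the subjectAltName value for the given names,
# e.g. "DNS:home.internal,IP:192.168.1.10".
san_list() {
    local san="" n
    for n in "$@"; do
        if is_ip "$n"; then san="${san:+$san,}IP:$n"; else san="${san:+$san,}DNS:$n"; fi
    done
    printf '%s' "$san"
}

# gen_selfsigned CN DAYS OUTDIR NAME... : write OUTDIR/TLS.key (PKCS#8 PEM,
# unencrypted, mode 0600) and OUTDIR/TLS.cert. The extensions come from a
# private config file, so nothing is inherited from /etc/ssl/openssl.cnf
# (in particular no CA:TRUE basic constraint). keyUsage is deliberately
# omitted: OpenSSL 1.1.1 only recognises a certificate as self-signed, and
# so as its own trust anchor, when keyUsage is absent or allows keyCertSign.
gen_selfsigned() {
    local cn=$1 days=$2 outdir=$3
    shift 3
    [ $# -ge 1 ] || { echo "gen_selfsigned: at least one host name or address is required" >&2; return 1; }
    mkdir -p "$outdir"
    cat > "$outdir/openssl-san.cnf" <<EOF
[req]
distinguished_name = req_dn
prompt = no
x509_extensions = v3_server

[req_dn]
CN = $cn

[v3_server]
subjectAltName = $(san_list "$@")
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
EOF
    # umask 077: the -nodes key is written unencrypted, so never world-readable.
    ( umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -config "$outdir/openssl-san.cnf" -days "$days" \
        -keyout "$outdir/TLS.key" -out "$outdir/TLS.cert" 2>/dev/null )
}

# cert_sans CERT : print the SAN entries one per line in the DNS:/IP: syntax
# used in the config (OpenSSL prints addresses as "IP Address:").
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName \
        | grep -v 'Subject Alternative Name' | tr ',' '\n' \
        | sed -e 's/^[[:space:]]*//' -e 's/^IP Address:/IP:/' -e '/^$/d'
}

# key_matches_cert KEY CERT : succeed when KEY is the private key behind CERT
# (compares the encoded public keys, so it is not RSA-specific).
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# cert_valid_for_days CERT DAYS : succeed when CERT will still be valid DAYS
# days from now (fails if it is already expired).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# verify_for_name CERT NAME : verify CERT for NAME with CERT as the only trust
# anchor, which is exactly the situation after it is imported into a root store.
verify_for_name() {
    if is_ip "$2"; then
        openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
    fi
}

# Usage: sh selfsigned.sh CN DAYS OUTDIR NAME...
#   e.g. sh selfsigned.sh home.internal 365 ./out home.internal 192.168.1.10
if [ $# -ge 4 ]; then
    out=$3
    gen_selfsigned "$@"
    echo "SAN entries:"; cert_sans "$out/TLS.cert"
    key_matches_cert "$out/TLS.key" "$out/TLS.cert" && echo "key matches certificate"
    shift 3
    for n in "$@"; do
        if verify_for_name "$out/TLS.cert" "$n"; then echo "verifies for $n"; else echo "does NOT verify for $n"; fi
    done
fi
```

verify_for_name is the same check the trust-store import will later delegate to the operating system, so a name that fails here will fail in the browser too; run it once per name before importing.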

Converting to PEM format

The files written above are already PEM-encoded. TLS.key is in PKCS#8 form (BEGIN PRIVATE KEY); the first command rewrites it in the traditional PKCS#1 form (BEGIN RSA PRIVATE KEY) that some older software insists on. The second copies the certificate unchanged under a .pem name (PEM in, PEM out). The converted key is unencrypted like the original, so give it the same restrictive permissions.

openssl rsa -in TLS.key -out TLS.key.pem
openssl x509 -inform PEM -in TLS.cert -out TLS.cert.pem

Add/remove certificate to/from trusted root certificate store

Add
  • Windows: certutil -addstore -f "Root" TLS.cert
  • Linux (Debian/Ubuntu): sudo cp TLS.cert /usr/local/share/ca-certificates/TLS.crt && sudo update-ca-certificates
  • Linux (RHEL/Fedora): sudo cp TLS.cert /etc/pki/ca-trust/source/anchors/ && sudo update-ca-trust
  • macOS: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain TLS.cert

Remove
  • Windows: certutil -delstore "Root" <ISSUER>
  • Linux (Debian/Ubuntu): sudo rm /usr/local/share/ca-certificates/TLS.crt && sudo update-ca-certificates
  • Linux (RHEL/Fedora): sudo rm /etc/pki/ca-trust/source/anchors/TLS.cert && sudo update-ca-trust
  • macOS: sudo security delete-certificate -c <ISSUER> /Library/Keychains/System.keychain

Notes
  • update-ca-certificates only picks up files whose name ends in .crt, which is why the file is renamed on copy; with the .cert name it is silently ignored.
  • <ISSUER> is the CN chosen when the certificate was generated.
  • Whatever is added here is trusted for every name in its SAN list by every client that uses the system store. Firefox and Java keep their own stores and are not affected by these commands (Firefox can be told to use the system roots with security.enterprise_roots.enabled).
  • Before importing, inspect the extensions with openssl x509 -in TLS.cert -noout -text: the certificate should carry the SAN list and no CA:TRUE basic constraint. A CA:TRUE certificate whose private key sits unencrypted on a web server would let anyone who obtains that key mint certificates for any name this machine trusts.

Adding to your web server

Note: the directory paths may be different if you use Docker to run these services.

Cockpit

  • TLS.key, TLS.cert ▶️ /etc/cockpit/ws-certs.d/. Cockpit uses the alphabetically last .cert (or .crt) file in that directory and looks for the key in a .key file with the same base name, so the two names must match.

Nginx

  • TLS.key, TLS.cert ▶️ /etc/nginx/ssl/ (keep TLS.key readable by root only; the master process reads it before the workers drop privileges).
  • Add the following to a server block that has listen 443 ssl; and check the result with nginx -t before reloading:
ssl_certificate /etc/nginx/ssl/TLS.cert;
ssl_certificate_key /etc/nginx/ssl/TLS.key;

Apache

  • TLS.key, TLS.cert ▶️ /etc/apache2/ssl/.
  • Enable mod_ssl (a2enmod ssl on Debian/Ubuntu), add the following to your VirtualHost block for port 443 and run apachectl configtest before restarting:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/TLS.cert
SSLCertificateKeyFile /etc/apache2/ssl/TLS.key

Traefik

  • TLS.key, TLS.cert ▶️ /etc/traefik/ssl/.
  • In Traefik v2 and later, certificates belong in the dynamic configuration, not the static one: put the following in a file loaded by the file provider (providers.file in the static configuration). certResolver is only for ACME-issued certificates and is not used with a certificate read from disk. To serve the certificate only for the names in its SAN list instead of as the default, list it under tls.certificates rather than tls.stores.
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/ssl/TLS.cert
        keyFile: /etc/traefik/ssl/TLS.key

Syncthing

  • Rename TLS.key.pem to https-key.pem.
  • Rename TLS.cert.pem to https-cert.pem.
  • https-key.pem, https-cert.pem ▶️ Syncthing's configuration directory, the one holding config.xml (syncthing --paths prints it; in the official Docker image it is /var/syncthing/config). Restart Syncthing afterwards so the GUI picks up the new files.

Portainer

  • Navigate to Settings, scroll down to the SSL certificate section and upload TLS.cert and TLS.key (alternatively pass them at start-up with --sslcert and --sslkey).
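Once the files are in place, what counts is what the server actually sends. The function below is an added example, not code from the original page or from any of the projects above: it connects with openssl s_client, verifies the served chain against TLS.cert as the only trust anchor for the name you expect, and compares the SHA-256 fingerprint of the served certificate with the file, which catches a stale copy or a default certificate served from another virtual host. Hosts, ports, paths and the function name are placeholders; it assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not part of the original page or of any of the projects
# above. Checks what a deployed server actually serves. Needs OpenSSL 1.1.1
# or newer; hosts, ports and paths are placeholders.
set -eu

# is_ip NAME : succeed when NAME is an IPv4 or IPv6 literal.
is_ip() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f.]*:[0-9A-Fa-f.:]*$'
}

# check_endpoint CONNECT_HOST PORT CERT NAME : open a TLS connection to
# CONNECT_HOST:PORT, send NAME as SNI when it is a host name, verify the served
# chain against CERT as the only trust anchor and require it to be valid for
# NAME (-verify_return_error makes s_client fail the handshake otherwise),
# then compare the SHA-256 fingerprint of the served leaf certificate with
# CERT. The last step catches a stale copy or a default certificate served
# instead of the one that was installed.
check_endpoint() {
    local chost=$1 port=$2 cert=$3 name=$4 expected served out
    expected=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    if is_ip "$name"; then
        out=$(openssl s_client -connect "$chost:$port" -CAfile "$cert" \
                -verify_ip "$name" -verify_return_error \
                </dev/null 2>/dev/null) || return 1
    else
        out=$(openssl s_client -connect "$chost:$port" -servername "$name" \
                -CAfile "$cert" -verify_hostname "$name" -verify_return_error \
                </dev/null 2>/dev/null) || return 1
    fi
    # s_client prints the served leaf certificate in PEM; x509 reads the first block.
    served=$(printf '%s\n' "$out" | openssl x509 -noout -fingerprint -sha256)
    [ "$expected" = "$served" ]
}

# Usage: sh check-endpoint.sh CONNECT_HOST PORT CERT NAME
#   e.g. sh check-endpoint.sh 192.168.1.10 443 /etc/nginx/ssl/TLS.cert home.internal
if [ $# -eq 4 ]; then
    if check_endpoint "$@"; then
        echo "OK: $1:$2 serves $3 and it is valid for $4"
    else
        echo "FAIL: $1:$2 does not serve $3 valid for $4" >&2
        exit 1
    fi
fi
```

Connecting to an address while verifying a host name is deliberate: it lets you test a virtual host before DNS points at it, and the SNI sent is the name, which is what the server uses to pick a certificate.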
