Generating an SSL Certificate on OpenBSD

Note: if you’re looking to use Let’s Encrypt as your Certificate Authority, please see my separate post here.

I wrote the below as more of an aide-memoire when I was shifting my website around while experimenting with different hardware platforms for OpenBSD. I still have a paid-for SSL Certificate that I use for one of my sites. I use Let’s Encrypt for the others. The below provides a basic step-by-step. More detail is explained in the man page.

Step 1: Generate an RSA Key

# openssl genrsa -out /etc/ssl/private/my.key 4096

Step 2: Use the generated key to Generate a Certificate Signing Request (CSR)

# openssl req -new -key /etc/ssl/private/my.key -out /etc/ssl/private/my.csr

Step 3: Submit to your Certificate Authority (CA)

Follow their procedures. You’ll probably need to copy and paste in the contents of your .csr file generated from 2. above.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: