Much of this is preconfigured by cfengine using a Makefile. Here’s the general procedure for RHEL5/RHEL6 boxes:
sudo su
cd /etc/pki/tls/certs
make myhostname.csr
Answer the questions (US, Vermont, Burlington, etc). CN is hostname. Password is password. Then you’ll have the .csr file, and the .key file (which is encrypted). Assuming you want it unencrypted:
umask 077
openssl rsa -in myhostname.key -out myhostname.key.notcrypted
(enter password)
mv myhostname.key.notcrypted myhostname.key.new
Update 2017-04-11: Makefile still generates SHA1 requests. Here are the openssl commands to manually make a SHA2 request:
openssl genrsa -aes128 2048 > myhostname.key
(enter password)
openssl req -utf8 -new -sha256 -key myhostname.key -out myhostname.csr
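Before sending the request to the CA, it is worth confirming that it really is SHA2-signed and that it was built from the key you intend to deploy. The script below is an added example, not part of the original procedure. The function names are hypothetical, and the sample it checks is a constructed throwaway (unencrypted keys and a made-up subject in a temp directory).

```shell
#!/bin/sh
# Added example: sanity-check a CSR before submitting it to the CA.

# Print the CSR's signature algorithm, e.g. sha256WithRSAEncryption.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if the CSR was made from the given RSA private key.
# An encrypted key will prompt for its password here.
csr_matches_key() {
    csr_mod=$(openssl req -in "$1" -noout -modulus) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus) || return 1
    [ -n "$csr_mod" ] && [ "$csr_mod" = "$key_mod" ]
}

# Reject anything that is not SHA2-signed, and any CSR/key mismatch.
check_csr() {
    alg=$(csr_sig_alg "$1")
    case "$alg" in
        sha256*|sha384*|sha512*) ;;
        *) echo "REJECT $1: signature algorithm is '$alg'"; return 1 ;;
    esac
    csr_matches_key "$1" "$2" ||
        { echo "REJECT $1: does not match $2"; return 1; }
    echo "OK $1: $alg, matches $2"
}

# Constructed sample: two throwaway keys and one SHA-256 CSR.
make_sample() {
    d=$(mktemp -d) || return 1
    ( umask 077
      openssl genrsa -out "$d/myhostname.key" 2048 2>/dev/null &&
      openssl genrsa -out "$d/other.key" 2048 2>/dev/null &&
      openssl req -utf8 -new -sha256 -key "$d/myhostname.key" \
          -subj "/C=US/ST=Vermont/L=Burlington/CN=myhostname" \
          -out "$d/myhostname.csr" ) || return 1
    echo "$d"
}

dir=$(make_sample) || exit 1
check_csr "$dir/myhostname.csr" "$dir/myhostname.key"       # matching key
check_csr "$dir/myhostname.csr" "$dir/other.key" || true    # wrong key
rm -rf "$dir"
```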