= SSL Certificate Creation SOP Every now and then you will need to create an SSL certificate for a Fedora Service. == Creating a CSR for a new server. Know your hostname, ie [.title-ref]##lists.fedoraproject.org##`: .... export ssl_name= .... Create the cert. 8192 does not work with various boxes so we use 4096 currently.: .... openssl genrsa -out ${ssl_name}.pem 4096 openssl req -new -key ${ssl_name}.pem -out $(ssl_name}.csr Country Name (2 letter code) [XX]:US State or Province Name (full name) []:NM Locality Name (eg, city) [Default City]:Raleigh Organization Name (eg, company) [Default Company Ltd]:Red Hat Organizational Unit Name (eg, section) []:Fedora Project Common Name (eg, your name or your server's hostname) []:lists.fedorahosted.org Email Address []:admin@fedoraproject.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: .... send the CSR to the signing authority and wait for a cert. place all three into private directory so that you can make certs in the future. == Creating a temporary self-signed certificate. Repeat the steps above but add in the following: .... openssl x509 -req -days 30 -in ${ssl_name}.csr -signkey ${ssl_name}.pem -out ${ssl_name}.cert Signature ok subject=/C=US/ST=NM/L=Raleigh/O=Red Hat/OU=Fedora Project/CN=lists.fedorahosted.org/emailAddress=admin@fedoraproject.org .... Getting Private key We only want a self-signed certificate to be good for a short time so 30 days sounds good.