Read the pem file:

openssl x509 -in /etc/haproxy/cert.pem -text -noout

Creating new certificates

Creating new key and certificate request (CSR)

openssl req -new -newkey rsa:4096 -out newcertificate.csr -config openssl_req.cnf -nodes -keyout newcertificate.key

Example openssl_req.cnf file:

[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
C   = 
ST  = 
L   = 
O   = 
CN  = hostname, fqdn, url

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = ip address of the host
DNS.1 = alternative DNS 1
DNS.2 =  alternative DNS 2
DNS.3 =  alternative DNS 3

Creating key for ca

openssl genrsa -aes256 -out ca.key 4096

Creating ca certificate

openssl req -x509 -new -key ca.key -sha256 -days 36500 -out ca.crt

Creating key for server certificate

openssl genrsa -out server.key 4096

Creating request for server certificate

openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -out server.csr -config openssl_req-server.cnf

Signing created request

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile openssl_req-server.cnf

Converting

Convert *.cer to *.pem:

openssl x509 -inform der -in certificate.cer -out certificate.pem

Converting p7b chain to pem chain:

openssl pkcs7 -print_certs -inform DER -in your_certificate.p7b -out your_certificate.pem

Tags:

Updated:

You may also enjoy