Certificado

Versão avaliada: Debian 12

Criando o Certificado

• Inicalmente defina o nome correto do servidor e que seja o mesmo para no serviço DNS:

# hostnamectl set-hostname hl114.local.domain --static

# vi /etc/hosts

192.168.10.114 hl114.local.domain hl114

# reboot

• Gerando a chave privada.

# cd /etc/ssl

# openssl genrsa -aes256 -out hl114.local.domain.key 4096

Enter PEM pass phrase: Insira um password

Verifying - Enter PEM pass phrase: Insira novamente o password

# openssl rsa -in hl114.local.domain.key -out hl114.local.domain.key 

Enter pass phrase for hl114.local.domain.key:  Insira o password

writing RSA key

• Gerando o certificado.

# openssl req -new -key hl114.local.domain.key -out hl114.local.domain.csr

...

Country Name (2 letter code) [AU]:BR

State or Province Name (full name) [Some-State]:PARANA

Locality Name (eg, city) []:CURITIBA

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Domain

Organizational Unit Name (eg, section) []:TI

Common Name (e.g. server FQDN or YOUR name) []:<hl114.local.domain ou 192.168.10.114>

Email Address []:sem@email.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:  <press Enter>

An optional company name []:  <press Enter>

• Certificado autoassinado e definindo período de vigência.

# openssl x509 -days 3650 -in hl114.local.domain.csr -out hl114.local.domain.crt -req -signkey hl114.local.domain.key

Signature ok

subject=C = BR, ST = PARANA, L = CURITIBA, O = Domain, OU = TI, CN = 192.168.10.114, emailAddress = sem@email.com

Getting Private key

Nota: Para renovar o certificado é necessário executar o comando acima e importar o .crt novamente.