Versão avaliada: Debian 12
Inicalmente defina o nome correto do servidor e que seja o mesmo para no serviço DNS:
# hostnamectl set-hostname hl114.local.domain --static
# vi /etc/hosts
192.168.10.114 hl114.local.domain hl114
# reboot
Gerando a chave privada.
# cd /etc/ssl
# openssl genrsa -aes256 -out hl114.local.domain.key 4096
Enter PEM pass phrase: Insira um password
Verifying - Enter PEM pass phrase: Insira novamente o password
# openssl rsa -in hl114.local.domain.key -out hl114.local.domain.key
Enter pass phrase for hl114.local.domain.key: Insira o password
writing RSA key
Gerando o certificado.
# openssl req -new -key hl114.local.domain.key -out hl114.local.domain.csr
...
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:PARANA
Locality Name (eg, city) []:CURITIBA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Domain
Organizational Unit Name (eg, section) []:TI
Common Name (e.g. server FQDN or YOUR name) []:<hl114.local.domain ou 192.168.10.114>
Email Address []:sem@email.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <press Enter>
An optional company name []: <press Enter>
Certificado autoassinado e definindo período de vigência.
# openssl x509 -days 3650 -in hl114.local.domain.csr -out hl114.local.domain.crt -req -signkey hl114.local.domain.key
Signature ok
subject=C = BR, ST = PARANA, L = CURITIBA, O = Domain, OU = TI, CN = 192.168.10.114, emailAddress = sem@email.com
Getting Private key
Nota: Para renovar o certificado é necessário executar o comando acima e importar o .crt novamente.