INTRODUCTION
SKUDONET Load Balancer offers the capability to handle HTTPS connections through its HTTP Profile feature. Therefore, the administrator is required to generate their individual certificates (self-generated certificates) or obtain Signed Certificates from a Certificate Authority. In both scenarios, the certificate needs to be structured in PEM format.
The Secure Certificate must be constructed without a password, and the keys along with the CSR (Certificate Signing Request) need to be produced on the server to be secured.
Positive SSL certificates are readily compatible with PEM format, while Rapid SSL certificates necessitate conversion. In the case of Rapid SSL, each file encompasses the certificate, intermediate CA, and root CA in separate components.
REQUIREMENTS
To facilitate key generation on our SKUDONET Load Balancer instance (which should already be set up), it’s essential to have the openssl package installed.
Commence by crafting a key devoid of any passphrase.
openssl genrsa -out host_domain_com.key 2048
Following this, shape a Certificate Signed Request (.csr) through utilization of the aforementioned key (.key).
openssl req -new -key host_domain_com.key -out host_domain_com.csr
When the certificate and intermediate CA files are furnished, secure the issuer root certificate.
It’s paramount that each distinct file adopts the PEM format: Server Certificate, Intermediate Certificate, and Root CA Certificate. Should this not be the case, the ensuing command can be employed for file conversion:
openssl x509 -in certFileName.cer -outform PEM -out convertedCertFileName.pem
When the Private Key, Issued Certificate, Intermediate Certificate, and Root CA Certificate are ready, proceed to combine their contents to generate the unified PEM file in UNIX format.
PEM FORMATTED CERTIFICATE CREATION
Constructing the PEM certificate necessitates adhering to the ensuing structure.
-----BEGIN RSA PRIVATE KEY----- Private Key (without passphrase) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- Certificate (CN=www.mydomain.com) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate (Intermediate CA, if exists) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root (ROOT CA, who signs the Certificate) -----END CERTIFICATE-----
Synthesizing an accurate PEM composition requires interlocking the divergent file contents produced within the prior stage, introducing these demarcations:
-----BEGIN RSA PRIVATE KEY----- uiMTxBQnK9ApC5eq1mrBooECgYB4925pDrTWTbjU8bhb/7BXsjBiesBBVO43pDYL 1AOO5EEikir239UoFm6DQkkO7z4Nd+6Ier9fncpN1p1EZtqPxT64nsUTNow/z1Pp nUVxhqt4DT+4Vp5S7D9FQ+HagbhVInQXKXtT7FNFhpIxpRy512ElSuWvrELiZOwe -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- wYDVR0fBDwwOjA4oDagNIYyaHR0cDovL3JhcGlkc3NsLWNybC5n ZW90cnVzdC5jb20vY3Jscy9yYXBpZHNzbC5jcmwwHQYDVR0OBBYEFA8nu+rbiNqg DYmhNE0IgXx6XRHiMAwGA1UdEwEB/wQCMAAwSQYIKwYBBQUHAQEEPTA7MDkGCCsG gOYD8kmKOsxLRWeZo6Tn8 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 jOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y 7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 -----END CERTIFICATE-----
It’s a prerequisite to transform the complete PEM file into the UNIX format.
For trial purposes, a certificate dubbed zencert.pem is at your disposal, designed for use within HTTPS profile farms.