External

Internal

• openssl

Generate a Public/Private Key Pair

Generate the Private Key

This is the procedure to generate a public/private key pair. The keys can be further used to generate digitally signed certificates, or even to configure ssh, though ssh has its own procedure to generate key pairs, which produces equivalent keys in the same PEM format.

openssl genrsa|gendsa -out <keyfile-name>.pem <key-lenght>

openssl genrsa -out test-pk.pem 2048

The command generates a RSA/DSA key of specified length in PEM format.

Generate the Matching Public Key

Generate a Self-Signed Certificate

Create a Certificate Signing Request (CSR)

This procedure generates a Certificate Signing Request (CSR).

Obtain a Server Certificate

openssl s_client -connect nexus-cicd.apps.openshift.novaordis.io:443

The response includes the server's certificate:

[...]
Certificate chain
 0 s:/CN=*.apps.openshift.novaordis.io
[...]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIBEjANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
[...]
65vqsz8NTtde1vJ5qW31Af0pO9YehiSRfA==
-----END CERTIFICATE-----
subject=/CN=*.apps.openshift.novaordis.io
[...]