Create TLS Connection using OpenSSL on Linux


In the modern world of computers, secure connections are more important than ever. TLS is a good way to achieve this secure communication.

This post will guide you through the steps for creating TLS certificates signed by a local CA.

Note: When you copy and paste the files below directly into the terminal, be careful about hidden characters. Check for these characters with a text editor first.

Create .cnf File

[atlbender@app_server ~]# cat <application_name>.cnf

[req]
default_bits = 2048
distinguished_name = dn
prompt             = no
req_extensions = req_ext
 
[dn]
C="<Country Code>"
ST="<State or Province>"
L="<City>"
O="<Your Company>"
OU="<Your Company Abbreviated>"
CN="<DOMAIN_NAME>"
 
[req_ext]
subjectAltName = @alt_names
 
[alt_names]
DNS.0 = <DOMAIN_NAME>
IP.0 = <IP_ADDRESS>

Create .csr to Send to CA

[atlbender@app_server ~]# openssl req -out <application_name>.csr -newkey rsa:2048 -nodes -keyout <application_name>.key -config <application_name>.cnf

After this step, you have the following files:

  • <application_name>.cnf : Created by you
  • <application_name>.key : Created by you
  • <application_name>.csr : Created by you using the files above
  • <application_name>.cer : Sent to you by your local certificate authority

Your application now has its own certificate bound to the specified DN and to the DNS name and IP address listed under alt_names.
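Before sending the .csr to the CA, it is worth checking that the SAN entries from req_ext actually made it into the request; a CSR built without -config silently drops them. The script below is an added example, not part of the original post: it writes a .cnf with constructed placeholder values (app.example.internal, 10.0.0.5), creates the key and CSR the same way as above, and verifies the CSR's signature and SAN contents.

```shell
#!/bin/sh
# Added example: build the .cnf, create key + CSR, verify the CSR before sending it to the CA.
# All values below are constructed placeholders standing in for <application_name>, <DOMAIN_NAME>, <IP_ADDRESS>.
set -eu

WORK="${WORK:-$(mktemp -d)}"
APP="app"
DOMAIN="app.example.internal"
IP="10.0.0.5"

write_cnf() {
  cat > "$WORK/$APP.cnf" <<EOF
[req]
default_bits       = 2048
distinguished_name = dn
prompt             = no
req_extensions     = req_ext

[dn]
C  = "US"
ST = "Example State"
L  = "Example City"
O  = "Example Co"
OU = "EXC"
CN = "$DOMAIN"

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.0 = $DOMAIN
IP.0  = $IP
EOF
}

make_csr() {
  openssl req -out "$WORK/$APP.csr" -newkey rsa:2048 -nodes \
    -keyout "$WORK/$APP.key" -config "$WORK/$APP.cnf" 2>/dev/null
}

# Returns 0 only if the CSR's self-signature verifies and its SAN lists both the DNS name
# and the IP address; these are what the CA copies into the issued certificate.
csr_is_valid() {
  openssl req -in "$WORK/$APP.csr" -noout -verify >/dev/null 2>&1 || return 1
  san=$(openssl req -in "$WORK/$APP.csr" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1)
  case "$san" in
    *"DNS:$DOMAIN"*"IP Address:$IP"*) return 0 ;;
    *) return 1 ;;
  esac
}

write_cnf && make_csr && csr_is_valid && echo "CSR ok: $WORK/$APP.csr"
```

Run it with WORK set to a directory of your choice to keep the generated key and CSR; otherwise they land in a temporary directory.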

Add your Certificate to System and Java

With your trusted certificate, you can reach your system and application securely. However, the certificate first needs to be added to the system trust store. The commands below are for RHEL 8; look up the equivalent commands for your distribution.

[atlbender@app_server ~]# cp <application_name>.cer /etc/pki/ca-trust/source/anchors
[atlbender@app_server ~]# update-ca-trust

And to your application,

[atlbender@app_server ~]# path/to/java/jre/bin/keytool -import -alias <cert_alias> -file <application_name>.cer -keystore path/to/java/jre/lib/security/cacerts

Enter the password “changeit” when prompted (this is the default cacerts password; change it if your installation uses a different one). To list all certificates in cacerts, use the command below:

path/to/java/jre/bin/keytool -list -keystore path/to/java/jre/lib/security/cacerts

That is all! Now you can reach your application through a TLS connection.

Do not hesitate to be in contact!