Login via SSH as user root
Enter csr and private key command
openssl req -new -newkey rsa:2048 -nodes -keyout <server>.key -out <server>.csr <server> - replace with the domain name you intend to secure
EXAMPLE:
[root]# openssl req -new -newkey rsa:2048 -nodes -keyout fe-cdr-app-01.key -out fe-cdr-app-01.csr
Generating a 2048 bit RSA private key
..............................................................+++
................+++
writing new private key to 'fe-cdr-app-01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Georgia
Locality Name (eg, city) [Default City]:Atlanta
Organization Name (eg, company) [Default Company Ltd]:Example, Inc.
Organizational Unit Name (eg, section) []:R&D
Common Name (eg, your name or your server's hostname) []:fe-cdr-app-01.example.com
Email Address []:support@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
-----BEGIN CERTIFICATE REQUEST-----
and
-----END CERTIFICATE REQUEST-----
OPTIONAL:
- cat new .csr file (i.e. fe-cdr-app-01.csr) and browse to https://www.sslshopper.com/csr-decoder.html
- Using CSR Decoder paste contents of csr into box and press enter to verify the request
Present the csr file to your certificate authority to receive the signed SSL certificate
Receive the signed SSL certificate from certificate authority via email and download as pem file
Backup original /etc/nginx/ssl/nginx.crt
& /etc/nginx/ssl/nginx.key
Rename the new key file to nginx.key
Create new nginx.crt using the contents of the newly signed certificate pem file received from certificate authority
Restart nginx
[root]# systemctl restart nginx