I wanted to share a helpful tip for anyone working on Cloud Implementation. When it comes to securing data, it’s always a good idea to encrypt it whether it’s at rest or in transit. Recently, one of my clients requested that I enable SSL on all URLs to encrypt the in-transit data.
To do this, I first had to create a Certificate Signing Request (CSR) file using OpenSSL. Here are the steps I followed:
1. Create an OpenSSL configuration file (csr_req.conf)
To get started, I created an OpenSSL configuration file named “csr_req.conf”. This file contains the configuration settings for the CSR. For this example, we have included the following:
- “distinguished_name” setting: Points to the section (“req_distinguished_name”) that contains information about the entity requesting the SSL Certificate.
- “req_extensions” setting: Names the section that holds the extensions for the SSL Certificate request. Here, it points to the “v3_req” section.
- “v3_req” section: Contains the SSL Certificate request settings, including the “keyUsage”, “extendedKeyUsage”, and “subjectAltName”.
- “alt_names” section (referenced by “subjectAltName”): Lists the DNS name(s) of the server(s) that will use the SSL Certificate.
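This is what the file looks like:
```
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = IN
ST = Karnataka
L = Bengaluru
O = abkot
OU = abkot Application
CN = myapp01.abkot.com

[v3_req]
# digitalSignature is needed for ECDHE key exchange and TLS 1.3;
# keyEncipherment covers RSA key exchange.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# Clients match hostnames against this list rather than the CN,
# so the CN is listed here as well.
DNS.1 = www.abkot.com
DNS.2 = myapp01.abkot.com
```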
2. Run openssl command to generate the CSR file
Once the configuration file is created, I ran the OpenSSL command to generate the CSR file. The following command is used:
```
openssl req -new -out myapp01.abkot.com.csr -newkey rsa:2048 -nodes -sha256 -keyout myapp01.abkot.com.key -config csr_req.conf
```
This command generates a CSR file named “myapp01.abkot.com.csr” and a private key file named “myapp01.abkot.com.key”. The CSR file contains information about the entity requesting the SSL Certificate, including the public key, and is signed with the private key. The private key, which the server later uses to secure the data, stays on the server and is never sent to the certification authority. Because “-nodes” writes the key unencrypted, restrict access to the key file.
The CSR file can then be submitted to an internal or external certification authority to provide the SSL Certificate. Once the SSL Certificate is obtained and installed, traffic to the URLs will be encrypted with SSL, ensuring the security of data in transit.
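Before submitting the CSR, it is worth confirming what it actually contains: a valid self-signature, a key of at least 2048 bits, and the CN listed in subjectAltName. The script below is an added example, not part of the original post; `check_csr` and `make_csr` are hypothetical helper names, and the throwaway CSRs it builds reuse the post's hostnames as constructed test input.

```shell
# Added example: sanity-check a CSR before sending it to a CA.
# check_csr and make_csr are hypothetical helper names, not OpenSSL commands.

# check_csr FILE: returns 0 if every check passes, 1 (with a reason) otherwise.
check_csr() {
    csr=$1
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || { echo "unreadable CSR"; return 1; }
    # The self-signature proves the requester holds the matching private key.
    # Match on the message: older OpenSSL releases exit 0 even when it fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "self-signature invalid"; return 1; }
    # RSA keys shorter than 2048 bits are rejected by public CAs.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "key too short: ${bits:-?} bits"; return 1; }
    # Clients match hostnames against subjectAltName, so the CN must be listed there.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p')
    printf '%s\n' "$text" | grep -o 'DNS:[^,[:space:]]*' | grep -qxF "DNS:$cn" \
        || { echo "CN $cn missing from subjectAltName"; return 1; }
    echo "ok: CN=$cn, $bits-bit key"
}

# make_csr DIR CN SAN: writes a throwaway key and CSR (constructed test input).
make_csr() {
    out=$1/$2
    cat > "$out.conf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $2
[v3_req]
subjectAltName = $3
EOF
    # umask 077 keeps the unencrypted (-nodes) private key readable by its owner only.
    ( umask 077; openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$out.key" -out "$out.csr" -config "$out.conf" 2>/dev/null )
}

tmp=$(mktemp -d)
make_csr "$tmp" myapp01.abkot.com "DNS:www.abkot.com"
check_csr "$tmp/myapp01.abkot.com.csr" || true   # CN is not in the SAN list
make_csr "$tmp" myapp01.abkot.com "DNS:www.abkot.com,DNS:myapp01.abkot.com"
check_csr "$tmp/myapp01.abkot.com.csr" || true   # passes
rm -rf "$tmp"
```

To check a real request, call `check_csr myapp01.abkot.com.csr` in the directory where the CSR was generated.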