====== SSL certificates ======

===== PEM certificate =====

Create a private key in the PEM format:
<cli prompt='#'>
# openssl genrsa -out /etc/security/TSDprivkey.pem 2048

Generating RSA private key, 2048 bit long modulus
............................................+++
............................................+++
e is 65537 (0x10001)

# ls -l /etc/security/TSD*
-rw-r--r-- 1 root system 1675 Feb 24 01:42 /etc/security/TSDprivkey.pem


# cat /etc/security/TSDprivkey.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA4G9C9HNy6n+jfAzMx3pr9UhzWFxdd1E49D+fIpD4v++ncANEGPOMkDVTHlLjqZdyUDhax2Vc37SjBZBvYNX+KGjqqk/tbHr6QixF0+VdmOf2kBGi
9JA2SjwWfVOxBYNZR4/KbD5cDvPaDpSbDxAZoeaF8Ws7p/Ko6c+qGBNzTv2IuUTxbaxptGOkIH1DmtD1k8EsznbwP8RaRB3BHmZ4YLXYg9fc7U88ZNh3A17JiY2PDlk
KUQ/O4nqqTviAfBg0U8XHhs8ZXZqqu/zOboXMI8vYLiBChnD7lecy/a9N1HWSNTUdnU5+n96oKO6r7ZGoWp36QY1SWqaOBR/U6IbbwIDAQABAoIBAG/yz6EDnUSfGjc
-----END RSA PRIVATE KEY-----
</cli>

===== Create the corresponding certificate in DER format =====

Valid for 3650 days, or 10 years:
<cli prompt='#'>
# openssl req -new -x509 -key /etc/security/TSDprivkey.pem -outform DER -out /etc/security/TSDcertificate.der -days 3650

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:EG
State or Province Name (full name) [Some-State]:Cairo
Locality Name (eg, city) []:Maadi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC
Organizational Unit Name (eg, section) []:XYZ
Common Name (e.g. server FQDN or YOUR name) []:Mash
Email Address []:mash@abc.com

# ls -l /etc/security/TSD*
-rw-r--r-- 1 root system 971 Feb 24 01:57 /etc/security/TSDcertificate.der
-rw-r--r-- 1 root system 1675 Feb 24 01:42 /etc/security/TSDprivkey.pem
</cli>

===== Convert the private key format from PEM to DER =====

<cli prompt='#'>
# openssl pkcs8 -inform PEM -in /etc/security/TSDprivkey.pem -topk8 -nocrypt -outform DER -out /etc/security/TSDprivkey.der
# ls -l /etc/security/TS*
-rw-r--r-- 1 root system 971 Feb 24 01:57 /etc/security/TSDcertificate.der
-rw-r--r-- 1 root system 1217 Feb 24 01:58 /etc/security/TSDprivkey.der
-rw-r--r-- 1 root system 1675 Feb 24 01:42 /etc/security/TSDprivkey.pem
</cli>