Getting new SSL certificates for use with nginxEdit

I just got two new SSL certificates for use with and

Generating new private keys

Rather than using the old private key that I had previously used with my certificate (documented in "SSL certificate renewal notes 2008"), I decided to generate a new key:

$ sudo -s
# mkdir keys certs
# cd keys
# openssl genrsa -des3 -out 1024

Generating a certificate signing request

# openssl req -new -key -out ../certs/

This is how I answered the questions:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:AU
State or Province Name (full name) [Berkshire]:South Australia
Locality Name (eg, city) [Newbury]:Rundle Mall
Organization Name (eg, company) [My Company Ltd]
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []

Inspect the CSR:

# openssl req -noout -text -in ../certs/

Getting the actual signed certificate

Follow issuer’s instructions (basically, go to their website and past in the CSR):

# cat ../certs/

Once you get the signed certificate, copy and paste it into a file:

# nano ../certs/

Copy and paste their root certificate as well:

# nano ../certs/rapidssl.root.crt

One more time…

Now repeat all the same steps, this time for

# openssl genrsa -des3 -out 1024
# openssl req -new -key -out ../certs/
# openssl req -noout -text -in ../certs/
# cat ../certs/
# nano ../certs/

See also