Creating a CSR (Certificate Signing Request)

Log in as smeconfiguser then become root

Generate a config file we'll use, update the <server fqdn> with the URL you'd like to use for access.

vim san.cnf

  
  [ req ]
  default_bits       = 2048
  distinguished_name = req_distinguished_name
  req_extensions     = req_ext
  [ req_distinguished_name ] 
  countryName                 = Country Name (2 letter code)
  stateOrProvinceName         = State or Province Name (full name)
  localityName               = Locality Name (eg, city)
  organizationName           = Organization Name (eg, company)
  commonName                 = Common Name (POC Server FQDN)
  [ req_ext ]
  subjectAltName = @alt_names
  [alt_names]
  DNS.1   = <server fqdn>

Next we'll use this config file and generate a key and csr, please fill out the releavnt locality info during this setup:

 openssl req -out server.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf

This will generate 2 files:

private.key
server.csr

Copy the file private.key to the private certs folder

cp private.key /etc/pki/tls/private/

Ensure the file is in the proper location before deleting it:

cat /etc/pki/tls/private/private.key

rm private.key

Send the CSR to the Certificate Authority of choice

cat  server.csr

The certificate authority will reply with a signed public key and intermediary certs.