For my F5 project I have the F5 generating a CSR and then having that CSR signed by a certificate authority. The signed cert is then uploaded back to the F5 and an SSL profiles created.
During the testing to avoid creating multiple signed certificates for the same domain name I decided to sign the cert myself and use my self signed certificate in the place of what would be the CA signed certificated.
For this I copied the CSR and private key from the F5 and put them on my WSL installation.
First I signed the SSL cert with the private key generated by the F5. This is creating the self signed certificate.
|
0 1 2 |
openssl x509 -in skelly.csr -out skelly_selfsigned.crt -req -signkey skelly.key -days 365 |
Next I checked all three components that their MD5 hashes matched. I could have performed the same on the CSR and private key before I singed the cert.
As you can see the commands are slightly different, but all the hashes match.
|
0 1 2 3 4 5 6 7 |
stef:~/certs/ca$ $ openssl rsa -noout -modulus -in skelly.key | openssl md5 (stdin)= d41d8cd98f00b204e9800998ecf8427e stef:~/certs/ca$ $ openssl req -noout -modulus -in skelly.csr | openssl md5 (stdin)= d41d8cd98f00b204e9800998ecf8427e stef:~/certs/ca$ $ openssl x509 -noout -modulus -in skelly_selfsigned.crt | openssl md5 (stdin)= d41d8cd98f00b204e9800998ecf8427e |