Hi @Ayman / @vijin.palazhi / @mmumshad
In Lab - SSL & TLS Basics Q11 there is a task to create a CSR request. I tried to follow exactly the same instructions as they are in the hints, but I still get an error.
I deleted the .csr file and repeated the whole process, but the checks still do not pass. Can you please review and revert what is missing? What is the mistake below?
===========================================================================
On app01 create a CSR (certificate signing request) /etc/httpd/csr/app01.csr (key name should be app01.key). Below are the required details which should be used while creating CSR.
a. Country Name = SG
b. State or Province Name = Capital Tower
c. Locality Name = CT
d. Organization Name = KodeKloud
e. Organizational Unit Name = Education
f. Common Name = app01.com
g. Email Address = [email protected]
h. Keep challenge password blank.
i. Keep optional company name blank.
=======================================================================
tline Hint
cd into /etc/httpd/csr directory and run command openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
==========================================================================
tc/httpd/csr
[thor@app01 csr]$
[thor@app01 csr]$ openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
Generating a 2048 bit RSA private key
.....................................+++
....................................................................+++
writing new private key to 'app01.key'
app01.key: Permission denied
140110634317712:error:0200100D:system library:fopen:Permission denied:bss_file.c:402:fopen('app01.key','w')
140110634317712:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
[thor@app01 csr]$
[thor@app01 csr]$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
Generating a 2048 bit RSA private key
...........................................................................................................+++
.........+++
writing new private key to 'app01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Capital Tower
Locality Name (eg, city) [Default City]:CT
Organization Name (eg, company) [Default Company Ltd]:KodeKloud
Organizational Unit Name (eg, section) []:Education
Common Name (eg, your name or your server's hostname) []:app01.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[thor@app01 csr]$
[thor@app01 csr]$ pwd
/etc/httpd/csr
[thor@app01 csr]$
[thor@app01 csr]$ history
1 clear
2 sudo yum update -y
3 clear
4 cat ~/.ssh/authorized_keys
5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Ohm5n2zHuKzFnef1HmIO766U7h9pm69AxzJnwwyoUJ5orAkNURLyz7NoUqvKg3zR1e/2cEVqH/3OkgzKMKxsigfp2OHLZZ34H2qE9BaTz6q5jRQVPwYjnd1FmZt+Ej0oHpyN0gOX9kJeGPd9sfta1H+uKbCdO2PP8QnESJeGG7IbgWAjc86qNuF01scSEnjJNTNhLYD/22WRVT2HBASH0BB9lVLFAYV2lw4xFWe6LDNTMKwEV0cqK7o4tIMZbVOp6kLA2pkWPAfG8XZDgUYvkFHDVfh8fikFW+ExtRwqvkqz+J9cyq/di/1eqJLexW1ftJkePtu3Co4fiK9gvSIZ thor@jump_host.stratos.xfusioncorp.com
6 vi ~/.ssh/authorized_keys
7 ssh-copy-id -i ~/.ssh/mykey.pub thor@app01
8 sudo ssh-copy-id -i ~/.ssh/mykey.pub thor@app01
9 clear
10 sudo yum update -y
11 sudo yum upgrade -y
12 sudo yum install openssl
13 sudo yum upgrade -y
14 sudo yum update -y
15 clear
16 cat /etc/httpd/csr/app01.csr
17 ls -al /etc/httpd/csr
18 cd /etc/httpd/csr
19 openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
20 sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
21 pwd
22 ls -al
23 rm *
24 sudo rm *
25 ls -al
26 clear
27 pwd
28 openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
29 sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
30 pwd
31 history
[thor@app01 csr]$
[thor@app01 csr]$ pwd
/etc/httpd/csr
[thor@app01 csr]$
[thor@app01 csr]$ date
Thu Jan 28 17:38:28 UTC 2021
[thor@app01 csr]$
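
An added example, not part of the original post or the lab's own material: one way to confirm what a CSR like the one above actually contains, by reading back its subject fields, verifying its self-signature and checking that it pairs with the private key. It uses the hint's `openssl req` options plus `-subj` so it runs without prompts; the e-mail address is a placeholder (the page shows it redacted), a temp directory stands in for /etc/httpd/csr, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not lab code. The e-mail address is a placeholder because the
# page shows it redacted; a temp directory stands in for /etc/httpd/csr.
SUBJ='/C=SG/ST=Capital Tower/L=CT/O=KodeKloud/OU=Education/CN=app01.com/emailAddress=admin@example.com'

# Generate key + CSR in directory $1 without prompts (same options as the hint,
# plus -subj). umask 077 keeps the unencrypted (-nodes) key owner-only.
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
          -keyout "$1/app01.key" -out "$1/app01.csr" 2>/dev/null )
}

# Print one subject attribute of CSR $1 by its long name, e.g. commonName.
csr_field() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n "s/^ *$2 *= *//p"
}

# Succeed only if the CSR's self-signature verifies and its public key is the
# one belonging to private key $2.
csr_matches_key() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeed only if group and others have no permission bits on file $1.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo run: generate once, then read everything back from the files on disk.
DEMO_DIR=$(mktemp -d)
make_csr "$DEMO_DIR"
for f in countryName stateOrProvinceName localityName organizationName \
         organizationalUnitName commonName emailAddress; do
    printf '%-24s %s\n' "$f" "$(csr_field "$DEMO_DIR/app01.csr" "$f")"
done
csr_matches_key "$DEMO_DIR/app01.csr" "$DEMO_DIR/app01.key" && echo "CSR matches key"
owner_only "$DEMO_DIR/app01.key" && echo "key is owner-only"
```

The same three helper functions can be pointed at an existing /etc/httpd/csr/app01.csr and app01.key; reading a root-owned key requires the matching privileges.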