If you want to install a certificate on your web server or any other type of server you must first obtain one.
- Determine where you need to install the cert. It is generally the load balancer, proxy or server that a URL points to and that URL is used as the Common Name. You can add more URLs or Subject Alternative Names to cover other instances and/or more URLs using one cert but that is beyond the scope of this piece.
- Generate a CSR and private key
- Submit CSR to a Certificate Authority (e.g. Digicert, Entrust, Let’s Encrypt).
- Certificate Authority will provide a signed certificate and possibly an intermediary certificate.
DigiCert has a nice wizard that helps create the OpenSSL command(on Linux) for generating a CSR. It also has wizards/instructions for generating CSRs using other methods.
Converting a .crt to .pem and other conversions.
openssl x509 -in cert.crt -out cert.pem
openssl pkcs12 -export -in linux_cert+ca.pem -inkey privateky.key -out output.pfx
Creating a .pfx using OpenSSL with root and intermediate
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt