Browsers have started to warn users about certificates with a SHA-1 signature. SHA-256 is needed nowadays.
So it’s time to renew certificates from Thawte, GoDaddy, etc.
You can generate a new Certificate Signing Request with OpenSSL using this command:
openssl req -nodes -newkey rsa:2048 -keyout servername.key -out servername.csr -sha256
“servername.csr” is an ASCII file you can send or paste into your certification authority’s interface. Keep “servername.key” on the server: the -nodes option writes it without a passphrase.
Version: tested with OpenSSL 1.0.1e 11 Feb 2013 on Debian 7
For SSH, HTTPS, TLS SMTP, POPS and IMAPS you need an RSA key pair. Most Linux package installers produce these pairs automatically, but if you like, you can generate them yourself.
The quickest method I found is:
openssl req -x509 -nodes -newkey rsa:2048 -keyout servername.key -out servername.crt -days 1024 -sha256
This command asks you some questions. The most important one is:
Common Name (e.g. server FQDN or YOUR name)
Enter the hostname of your server here.
You can check the content of key and crt files with these commands:
openssl rsa -in servername.key -text
openssl x509 -in servername.crt -text
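The script below is an added example, not part of the original post: it goes one step beyond reading the -text output and checks that a CSR or certificate is not MD5/SHA-1 signed and that it belongs to the private key you kept. The function names, the temporary files and the hostname example.test are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: verify signature algorithm and key match for a CSR or certificate.

# Print the signature algorithm of a CSR (kind=req) or certificate (kind=x509).
sig_alg() {
    openssl "$1" -in "$2" -noout -text |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Digest of the public key taken from a private key (kind=pkey), CSR or certificate.
pubkey_digest() {
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout ;;
        *)    openssl "$1" -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

# check_pair KEY KIND FILE: return 0 only if FILE is not MD5/SHA-1 signed
# and carries the same public key as KEY.
check_pair() {
    local alg
    alg=$(sig_alg "$2" "$3")
    case "$alg" in
        ''|md5*|sha1*|*SHA1*) echo "FAIL: $3 signed with '${alg:-unknown}'"; return 1 ;;
    esac
    if [ "$(pubkey_digest pkey "$1")" != "$(pubkey_digest "$2" "$3")" ]; then
        echo "FAIL: $3 does not match $1"; return 1
    fi
    echo "OK: $3 ($alg) matches $1"
}

# Demo with throwaway files; example.test is a constructed hostname.
demo() {
    local d; d=$(mktemp -d) || return 1
    openssl req -nodes -newkey rsa:2048 -sha256 -subj "/CN=example.test" \
        -keyout "$d/servername.key" -out "$d/servername.csr" 2>/dev/null
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 30 -subj "/CN=example.test" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
    check_pair "$d/servername.key" req  "$d/servername.csr"
    check_pair "$d/other.key"      x509 "$d/other.crt"
    # A certificate made from a different key must be rejected.
    check_pair "$d/servername.key" x509 "$d/other.crt" || echo "(mismatch detected)"
    rm -rf "$d"
}
demo
```

Run check_pair against the certificate your CA returns before installing it; a mismatch means the certificate was issued for a different CSR.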