Summary

SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure communication over a computer network. It ensures the confidentiality, integrity, and authentication of data transferred between a client (e.g., web browser) and a server (e.g., website). SSL is commonly used in securing HTTP traffic, resulting in HTTPS (Hypertext Transfer Protocol Secure).

Though SSL is still commonly referred to, TLS (Transport Layer Security) is the modern version of SSL. TLS evolved from SSL and is considered more secure, but the term SSL is still widely used.

OpenSSL

Generate a CSR (secp384r1) and Private Key (ecdsa-with-SHA256)

Make a file called ssl-ecdsa.conf. Here's an example:

[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name (full name)
localityName                    = Locality Name (eg, city)
organizationName                = Organization Name (eg, company)
commonName                      = Common Name (e.g. server FQDN or YOUR name)

countryName_default             = US
stateOrProvinceName_default     = Florida
localityName_default            = Tallahassee
organizationName_default        = LambNet
organizationalUnitName_default  = DaveNet
commonName_default              = davenet.lambnet.us

[ req_ext ]
basicConstraints    = CA:FALSE
keyUsage            = digitalSignature, keyEncipherment
extendedKeyUsage    = serverAuth
tlsfeature          = status_request
subjectAltName      = @alt_names

[alt_names]
# When using SANs, you must repeat the Common Name as a SAN
DNS.1   = davenet.lambnet.us

Then run:

openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -keyout server.key -out server.csr -config ssl-ecdsa.conf

Verify CSR

openssl req -noout -text -in server.req

Show Certificate Details (Exp date, etc.)

openssl x509 -noout -text -in server.cer