{"id":40096,"date":"2025-08-26T13:54:42","date_gmt":"2025-08-26T03:54:42","guid":{"rendered":"https:\/\/www.businesslegions.com\/blog\/?p=40096"},"modified":"2025-08-26T13:54:42","modified_gmt":"2025-08-26T03:54:42","slug":"openssl-tutorial-create-a-private-key-and-ssl-certificate-from-the-terminal","status":"publish","type":"post","link":"https:\/\/www.businesslegions.com\/blog\/2025\/08\/26\/openssl-tutorial-create-a-private-key-and-ssl-certificate-from-the-terminal\/","title":{"rendered":"OPENSSL TUTORIAL: CREATE A PRIVATE KEY AND SSL CERTIFICATE FROM THE TERMINAL"},"content":{"rendered":"<p>In this guide, we\u2019ll walk through requesting a certificate in AWS Certificate Manager (ACM), exporting it with a passphrase, decrypting the private key on a Linux server, and installing the certificate into HestiaCP. 
I\u2019ll also point out exactly where each step happens with the screenshots referenced in the transcript.<\/p>\n<p><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/MTr_jXhkn4w\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__1-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-00-00.png\" \/><\/p>\n<h2>1) Request a public certificate in AWS Certificate Manager<\/h2>\n<p>Start by creating a certificate request in ACM for the domain (or subdomain) you want to secure.<\/p>\n<ul>\n<li>Open AWS Certificate Manager in your AWS console.<\/li>\n<li>Choose \u201cRequest\u201d and select \u201cRequest a public certificate.\u201d<\/li>\n<li>Add your domain names (e.g., example.com and\/or subdomains).<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__2-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-00-24.png\" \/><\/p>\n<p>For validation, choose DNS validation. 
This method is fast, automatable, and keeps the validation record in your DNS, so future renewals are seamless.<\/p>\n<ul>\n<li>Add the provided CNAME records to your DNS host (Route 53 or your external DNS provider).<\/li>\n<li>Submit the request and wait for validation.<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__3-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-00-54.png\" \/><\/p>\n<p>Once AWS confirms the DNS record, the certificate status will show as \u201cIssued.\u201d<\/p>\n<h2>2) Export the certificate from ACM<\/h2>\n<p>After the certificate is issued, click into the certificate details page via its Certificate ID.<\/p>\n<p>Use the Export option and set an encryption passphrase. This passphrase will be used to protect the private key during export.<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__4-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-01-22.png\" \/><\/p>\n<p>Choose PEM encoding, then export and download the files. 
You\u2019ll get:<\/p>\n<ul>\n<li>Certificate body (certificate)<\/li>\n<li>Certificate chain (intermediate\/CA bundle)<\/li>\n<li>Private key (encrypted with your passphrase)<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__5-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-01-52.png\" \/><\/p>\n<p>Save all three files securely. We\u2019ll need them to install the certificate later.<\/p>\n<h2>3) Decrypt the private key on a Linux server<\/h2>\n<p>To use the certificate with HestiaCP, you\u2019ll need the unencrypted private key. We\u2019ll decrypt it using OpenSSL on a Linux box (Ubuntu in this example).<\/p>\n<p>Create a file on your server and paste in the exported encrypted private key (the one you downloaded from ACM):<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__6-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-02-20.png\" \/><\/p>\n<p>Verify OpenSSL is installed. If you see usage options when running the command below, you\u2019re good to go. 
Otherwise, install it (for Ubuntu: <code>sudo apt update &amp;&amp; sudo apt install openssl<\/code>).<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__7-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-02-55.png\" \/><\/p>\n<p>Run the following command to decrypt the key. Replace the filenames with your actual paths.<\/p>\n<pre><code>openssl rsa -in encrypted-private-key.pem -out decrypted-private-key.pem\n<\/code><\/pre>\n<p>When prompted, enter the passphrase you set during export. Once the command succeeds, you\u2019ll have a decrypted private key file you can use with HestiaCP.<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__8-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-03-24.png\" \/><\/p>\n<h2>4) Install the certificate in HestiaCP<\/h2>\n<p>In HestiaCP, go to the domain\u2019s web settings (Web \u2192 your domain \u2192 Edit) and open the SSL section.<\/p>\n<ul>\n<li>SSL Certificate (CRT) field: Paste the Certificate body.<\/li>\n<li>SSL Certificate Authority \/ Intermediate (CA bundle) field: Paste the Certificate chain.<\/li>\n<li>SSL Key (KEY) field: Paste the decrypted private key (not the encrypted one).<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__9-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-03-50.png\" 
\/><\/p>\n<p>Do not paste the original encrypted key. Make sure you copy the contents of the decrypted key you generated with OpenSSL.<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__10-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-04-16.png\" \/><\/p>\n<p>Save your changes. After saving, the certificate should be active for the domain, and your site should load over HTTPS without warnings.<\/p>\n<p><img decoding=\"async\" style=\"max-width: 100%; height: auto; border: 1px solid #ddd; margin-bottom: 1em; margin-top: 1em;\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE__11-9.png?strip=all&w=960\" alt=\"HOW_TO_EXPORT_AWS_CERTIFICATE_MANAGER_CERTIFICATE_-0-04-50.png\" \/><\/p>\n<h2>Tips and troubleshooting<\/h2>\n<ul>\n<li>If the Export option isn\u2019t visible in ACM, double-check the certificate type and region. Ensure you\u2019re exporting the certificate you just issued.<\/li>\n<li>If HestiaCP rejects the key, confirm you pasted the decrypted private key (PEM format with <code>-----BEGIN PRIVATE KEY-----<\/code> headers).<\/li>\n<li>Ensure your CA bundle is complete. Paste the full chain provided by AWS.<\/li>\n<li>After installation, test with an SSL checker (e.g., SSL Labs) to verify the chain and expiry.<\/li>\n<\/ul>\n<p>That\u2019s it! 
You\u2019ve requested, exported, decrypted, and installed an AWS Certificate Manager certificate in HestiaCP.<\/p>\n<hr \/>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"https:\/\/cdn.businesslegions.com\/blog\/wp-content\/uploads\/2025\/08\/auto_infographic_496b0b01_12.jpg?strip=all&w=960\" alt=\"Infographic\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we\u2019ll walk through requesting a certificate in AWS Certificate Manager (ACM), exporting it with a passphrase, decrypting the private key on a Linux server, and installing the certificate into HestiaCP. 
I\u2019ll also point out exactly where each step happens with the screenshots referenced in the transcript. 1) Request a public certificate in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":40095,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[9156,2360,9161,9182,9154,9157,9155,9159,9178,9183],"class_list":["post-40096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","tag-generate-csr","tag-https","tag-install-ssl","tag-macos-linux-windows","tag-openssl","tag-private-key","tag-ssl-certificate","tag-terminal-tutorial","tag-tls","tag-web-hosting-setup"],"_links":{"self":[{"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/posts\/40096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/comments?post=40096"}],"version-history":[{"count":1,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/posts\/40096\/revisions"}],"predecessor-version":[{"id":40115,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/posts\/40096\/revisions\/40115"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/media\/40095"}],"wp:attachment":[{"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/media?parent=40096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp\/v2\/categories?post=40096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.businesslegions.com\/blog\/wp-json\/wp
\/v2\/tags?post=40096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}