Enabling SSL SERIES 1/4: Creating an SSL Cert
Transcript
This transcript was generated automatically and may contain errors.
Hey everyone, my name is Cecil and I'm here with my colleague Jay and we're part of the Posit support team and we're going to walk through today the creation of an SSL certificate.
So in many cases there are a number of different commands you can use, but the one that we like to use for testing purposes is using OpenSSL. So this command, openssl req, creates the new certificate. -nodes, that's actually "no DES", which means the key file isn't password-protected. You will run into issues if the key file is password-protected. -new creates a new certificate and X.509 is the file format.
So in this case we're creating a key and a certificate file. So the -keyout flag dictates that the key is called PositKey with a .key extension and the -out is for the certificate file. And in this case it's PositCert.crt. It's really important that the extension is either .crt or .pem. Otherwise you'll run into issues with Posit products.
Filling in certificate details
So when you create the certificate you'll get a hash that's generated for you and you'll need to fill in some details. So in this case you can put in your two-letter country code, your state or province name, locality, organization name. A lot of these fields aren't crucial. The organizational unit name, this is just to identify the SSL certificate.
The one that's really important is the common name, the CN of your SSL certificate. So this would need to match the FQDN or the DNS name of the server that you're installing the certificate on. And it's also important because if you were to generate this certificate and use it on another server you will run into issues because the FQDN will be different.
So in this case for testing purposes we can just have PositDemo.com and we need to make sure that the URL of our host is PositDemo.com. So email address, this is more just to identify the certificate, if it's globally routable so we can skip that. And yep, the certificate is generated.
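
The three conditions the walkthrough calls out (unencrypted key, .crt or .pem extension, CN matching the server's FQDN), as an added shell example that is not part of the video or Posit's own tooling. The file names, RSA key size, 30-day validity and the helper names make_cert, cert_cn and check_pair are assumptions.

```shell
#!/bin/sh
# Added example. File names, key size and validity period are assumptions.

# make_cert KEY CERT FQDN: self-signed test certificate with an unencrypted
# key, answering the interactive prompts up front with -subj.
make_cert() {
    openssl req -x509 -new -nodes -newkey rsa:2048 \
        -keyout "$1" -out "$2" -days 30 -subj "/CN=$3" 2>/dev/null
}

# cert_cn CERT: print the common name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject=[[:space:]]*//' | tr ',' '\n' |
        sed -n 's/^CN=//p' | head -n 1
}

# check_pair KEY CERT FQDN: print "ok" and return 0 only when the extension,
# key protection and CN all meet the requirements from the walkthrough.
check_pair() {
    key=$1 cert=$2 fqdn=$3
    case "$cert" in
        *.crt|*.pem) ;;
        *) echo "certificate extension must be .crt or .pem: $cert"; return 1 ;;
    esac
    # Both PEM encodings of a passphrase-protected key carry this marker.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key file is password-protected: $key"; return 1
    fi
    cn=$(cert_cn "$cert")
    if [ "$cn" != "$fqdn" ]; then
        echo "CN '$cn' does not match server name '$fqdn'"; return 1
    fi
    echo "ok"
}

# Demo in a scratch directory, using the test hostname from the video.
dir=$(mktemp -d)
make_cert "$dir/posit.key" "$dir/posit.crt" positdemo.com
check_pair "$dir/posit.key" "$dir/posit.crt" positdemo.com
# Same certificate checked against a different server name: reports a mismatch.
check_pair "$dir/posit.key" "$dir/posit.crt" other.example.com || true
```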
