## Request, create and verify new certificates **Prerequisite**: Have a collection of `openssl.conf` files named as their hostname, eg - gw1.conf - gw2.conf - lb1.conf Create new passwords for every conf: ```sh for i in *.conf; do openssl rand -base64 32 > ${i%.conf}.pass; done ``` Create new key files with passwords from file: ```sh for i in *.conf; do openssl genrsa -aes256 -passout file:${%i.conf}.pass -out ${i%.conf}.key 2048; done ``` Create CSRs: ```sh for i in *.conf; do openssl req -new -key ${i%.conf}.key -passin file:${i%.conf}.pass -out ${i%.conf}.csr -config $i; done ``` ### Then with with the CER (created/received): Create PEM from CER+KEY: ```sh for i in *.cer; do cat $i ${i%.cer}.key > ${i%.cer}.pem; done ``` Verify each PEM against CA: ```sh for i in *.pem; do openssl verify -verbose -x509_strict -CAfile ca.pem $i; done ```