This website details the process of creating a certificate 

https://www.digicert.com/csr-creation-apache.htm

1. On the host VM create the following directory if not already present

    {{{sudo mkdir share}}}
    {{{sudo mkdir share/cert}}}
    {{{sudo mkdir share/cert/live}}}

1. On the host VM run the following command :

    {{{cd share/cert/live}}}
    {{{sudo openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout briccs.xuhl-tr.nhs.uk.key -out briccs.xuhl-tr.nhs.uk.csr}}}

Ensure that the prefix for the .key and .csr is you '''domain name.'''

This command requires the following user input :



    {{{Generating a 2048 bit RSA private key}}}

    {{{........+++}}}

    {{{.................................+++}}}

    {{{writing new private key to 'briccs.xuhl-tr.nhs.uk.key'}}}

    {{{-----}}}

    {{{You are about to be asked to enter information that will be incorporated}}}

    {{{into your certificate request.}}}

    {{{What you are about to enter is what is called a Distinguished Name or a DN.}}}

    {{{There are quite a few fields but you can leave some blank}}}

    {{{For some fields there will be a default value,}}}

    {{{If you enter '.', the field will be left blank.}}}

    {{{-----}}}

    {{{Country Name (2 letter code) [AU]:UK}}}

    {{{State or Province Name (full name) [Some-State]:Leicestershire}}}

    {{{Locality Name (eg, city) []:Leicester}}}

    {{{Organization Name (eg, company) [Internet Widgits Pty Ltd]:University Hospitals of Leicester NHS Trust}}}

    {{{Organizational Unit Name (eg, section) []:Cardiovascular}}}

    {{{Common Name (e.g. server FQDN or YOUR name) []:briccs.xuhl-tr.nhs.uk}}}

    {{{Email Address []:}}}

    {{{Please enter the following 'extra' attributes}}}

    {{{to be sent with your certificate request}}}

    {{{A challenge password []: Pa55word}}}

    {{{An optional company name []:}}}

This command generates a .key and .csr


2. The .csr has to be self signed by UHL certificate authority. To do this you have to send the text of the .csr to UHL IT (Robert.Hallett@uhl-tr.nhs.uk)

Its important for UHL IT to provide it in base46 which is in text readable and not binary. The file they provide will be .cer

Name this file along the lines of briccs.xuhl-tr.nhs.uk.cer and place it :

    {{{sudo mv briccs.xuhl-tr.nhs.uk.cer /share/cert/live/}}}