As opposed to Windows, Linux doesn't have crypto APIs that would be usable by user-mode applications. Linux does have Kernel level CryptoAPI (crypto.h) which is accessible to kernel mode processes. As such applications store certificates in application specific locations. That way we end up with multiple copies of the same certificate. One way to workaroud is to designate a directory for certificate storage and create symbolic links in required directories.
The Linux Kernel Cryptographic API overview: https://thesweeheng.files.wordpress.com/2007/11/6451.pdf
Generate CSR using a new key pair:
openssl req -nodes -newkey rsa:1024 -keyout serverName.key -out serverName.csr
Generate CSR using an existing key pair:
openssl req -new -key serverName.key -out serverName.csr
Once the request is signed, certs and keypair must be copied to relevant location. Most Linux applications require Base64 encoded certificate with .PEM extension. This however may vary. Apache for example requires Base64 encoded .CRT certificate.
Sample storage locations:
~/.cisco/certificates/ca Root CA
~/.cisco/certificates/client User certificate
/opt/.cisco/certificates/ca Root CA
/opt/.cisco/certificates/client Client certificates
Locations of cert and private key are specified in the config file (sample config below) per virtual host. Sample location:
Enabling SSL in Apache.
# e2enmod ssl
Configure Virtual Host:
This is configured in an httpd.conf or apache2.conf (which by default includes httpd.conf)
# service httpd restart
# apachectl -restart