Environment
SUSE
GroupWise
eDirectory
Situation
How to create a self-signed or trusted third-party certificate with openssl
How to generate a self-signed or trusted 3rd-party certificate using NetIQ Cool Tool OpenSSL-Toolkit
Resolution
How to generate a self-signed or trusted third-party certificate using openssl:
- Generate a Private Key by following the steps below from a terminal window:
  - openssl genrsa -des3 -out server.key 2048
  - Type the pass phrase to protect the key and press [Enter]
  - Re-enter the pass phrase.
- Generate a Certificate Signing Request by following the steps below:
  - openssl req -new -key server.key -out server.csr
  - Enter the pass phrase of the private key created in Step 1.
  - Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address.
    Note: The Common Name should be the DNS name of the server (for example, server.mydomain.com).
  - When asked for a Challenge password and optional company name, leave it blank.
- To sign the certificate, please select from the following options:
  - (Trusted 3rd-party Certificate Authority) Send the Certificate-Signing Request (CSR) to the third party for their signing. The following files should be received:
    - Server certificate (public key)
    - Intermediate CA and/or bundles that chain to the Trusted Root CA
  - (Self-signed) Sign the certificate with openssl:
    - openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
      Note: Increase or decrease 730 as needed. This is the number of days the certificate is valid for.
    - Enter the pass phrase of the Private Key. This is the same pass phrase that was entered in Step 1.
- (optional) If needed, create a concatenated PEM file:
  TID 7013103 - How to create a .pem File for SSL Certificate Installations
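One way to check the output of the openssl steps above before installing the files, as an added example that is not part of the original TID: it confirms that server.key, server.csr and server.crt hold the same key pair, that the certificate name matches the server's DNS name, and that the certificate is not about to expire. The function names, the KEY_PASS variable, the demo pass phrase and the temporary files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not vendor code): sanity checks for the files from the steps above.
# KEY_PASS must be exported; openssl reads it through env: so the pass phrase
# is never placed on a command line.

pubkey_pem() {   # usage: pubkey_pem key|csr|crt FILE -> PEM public key on stdout
  case "$1" in
    key) openssl pkey -in "$2" -passin env:KEY_PASS -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

files_match() {  # usage: files_match KEY CSR CRT -> 0 only if all hold one key pair
  fm_k=$(pubkey_pem key "$1") && fm_s=$(pubkey_pem csr "$2") &&
    fm_c=$(pubkey_pem crt "$3") || return 2
  [ -n "$fm_k" ] && [ "$fm_k" = "$fm_s" ] && [ "$fm_k" = "$fm_c" ]
}

check_cert() {   # usage: check_cert DIR HOSTNAME MIN_DAYS_LEFT
  files_match "$1/server.key" "$1/server.csr" "$1/server.crt" ||
    { echo "key/CSR/certificate mismatch"; return 1; }
  openssl x509 -in "$1/server.crt" -noout -checkhost "$2" 2>&1 |
    grep -q 'does match' || { echo "certificate name is not $2"; return 1; }
  openssl x509 -in "$1/server.crt" -noout -checkend $(( $3 * 86400 )) \
    >/dev/null 2>&1 || { echo "expires within $3 days"; return 1; }
  echo "ok"
}

make_demo_files() {  # constructed throwaway files: steps 1-3, non-interactive
  d=$(mktemp -d) || return 1
  openssl genrsa -des3 -passout env:KEY_PASS -out "$d/server.key" 2048 2>/dev/null
  openssl req -new -key "$d/server.key" -passin env:KEY_PASS \
    -subj "/CN=server.mydomain.com" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -days 730 -in "$d/server.csr" -signkey "$d/server.key" \
    -passin env:KEY_PASS -out "$d/server.crt" 2>/dev/null
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key pair
  echo "$d"
}

export KEY_PASS='constructed-demo-pass-phrase'   # constructed value, demo only
DEMO_DIR=$(make_demo_files)
check_cert "$DEMO_DIR" server.mydomain.com 30     # prints: ok
```

For real files, export KEY_PASS with the pass phrase from Step 1 and call check_cert with the directory that holds server.key, server.csr and server.crt.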
Additional Information
TID 7015502 - Common Mistakes in SSL Certificate Management & Implementation.
TID 7013103 - How to create a .pem File for SSL Certificate Installations.
How to generate a self-signed certificate using NetIQ Cool Tool OpenSSL-Toolkit:
- Download NetIQ Cool Tool OpenSSL-Toolkit.
- To generate the certificate, please select from the following options:
  - (Self-signed) Create the self-signed certificate:
    Select Create certificates | Self-Signed SSL Certificate (key, csr, crt)
    Note: The following files will be created: server.key (private key), server.csr (certificate signing-request), server.crt (public key - server certificate), server.pem (concatenated pem file).
  - (Trusted 3rd-party) Create the Private Key and Certificate Signing Request:
    Select Private key & Certificate Signing Request (key, csr)
    Note: The following files will be created: server.key (private key), server.csr (certificate signing-request).
- When filling out the prompted details:
  - Private Key:
    - Provide the path for a working directory to store these certificate files in.
    - Type the pass phrase to protect the key and press [Enter]
    - Re-enter the pass phrase.
  - Certificate-Signing Request (CSR):
    - Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address.
      Note: The Common Name should be the DNS name of the server (for example, server.mydomain.com).
    - When asked for a Challenge password and optional company name, leave it blank.
  - (conditional) Self-Signed Certificate:
    - Increase or decrease 730 as needed. This is the number of days the certificate is valid for.
    - Enter the pass phrase of the Private Key
- (conditional) If creating a Trusted 3rd-party certificate, please submit the Certificate-Signing Request (CSR) to the Trusted 3rd-party Certificate Authority for signing. The following files should be received:
  - Server certificate (public key)
  - Intermediate CA and/or bundles that chain to the Trusted Root CA