Following commands will generate ca.key and ca.csr.

# openssl genrsa -out ca.key 2048
# openssl req -new -key ca.key -out ca.csr

Please correct me as required :

Above two can be sent to Certificate Authority to generate a ca.crt.

This ca.crt can be applied into the Linux server or load balancer.

Say this ca.crt was applied in Linux, is there a way to re-export this applied ca.crt to load balancer or is there no such thing ?

I still haven’t got the full concept of SSL Certificates.

well there is no "export" here. It's just some files on a box. you can put them wherever you feel like. They are not tied in any way to the machine they were created on.

No need to send key file to the CA. You just need to send CSR, copy and paste CSR content to the CA site and you will get certificate after payment.

Thanks

Start by carefully reading the SSL documentation. Especially about "self-signed certificates," because all certificates are cryptographically identical and ultimately are issued in the same way. The only difference is who issues them ... and with the very carefully inoculated "trust my brand-name" marketing approach. (Does your grandma even know what "trusted authorities" her iPad will accept? No. But if the site doesn't generate a pop-up "security warning," it must be 'secure.')

But, I digress.

You can go through the entire process, on your own machine, of creating a CSR and then signing it. You can be your own "certificate authority," and, mind you, that is what a great many corporations do with regard to their security-conscious internal systems.

Well the question is, whether there is export/import of certificates exists in Linux like in Windows ?

no, that's NOT the question. I already said there is no export. it's just some files in a directory for the most part. Java keystores are an exception, bu tthen that's Java, not Linux.

Thank you all.