Step-by-step instructions for creating a Certificate Signing Request and Private Key
Need help creating a Certificate Signing Request (CSR) using OpenSSL commands on Apache? Good! You’ve come to the right place. A year ago, I probably couldn’t have helped you answer this question but good ol’ Carl has learned a thing or two about SSL certificates, CSRs and hopefully even something about Apache servers—or else this last part might be kind of tough.
Let’s start with your CSR. A Certificate Signing Request acts as sort of a de facto application for your certificate. The Certificate Authority that’s issuing the certificate will use the information contained in the CSR to fill out the certificate. That’s why it’s critical that every piece of information you put in your CSR is accurate. Any problem, even the tiniest grammatical miscalculation, can have catastrophic effects.
Ok, so maybe not like end-of-the-world catastrophic. I just like a little bit of hyperbole. It’s more of a “this was a waste of my time” disaster. So that’s my preface when you fill this CSR out, get it right. There’s nothing worse than having to do it all over again.
How to Generate a CSR Using Apache OpenSSL
For starters, you’ll need to have SSH access at server- and root-level permissions in order to generate your CSR and Private Key.
- Using Putty, connect to Apache Server SSH and login as root. Type the command below when prompted:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomainn.key -out yourdomain.csr
- The command should create two new files: a private key and a CSR. Keep a copy of your private key secure and then complete the CSR.
Note: The private key is thusly named because it needs to be kept safely. A compromised private key means a compromised SSL certificate.
You are now going to be asked to give some specific information:
- Country Name (2 letter code) [XX]:
- State or Province Name (full name) :
- Locality Name (city) [Default City]:
- Organization Name (company) [Default Company Ltd]:
- Organizational Unit Name (department, division) :
- Common Name (your name or your server’s hostname) :
- Email Address :
Congratulations! After filling out the required fields, your CSR will be saved and is now ready for the CA.
Other Important Resources
Apache SSL Certificates
Easy and quick issuance of Apache SSL Certificates. Protect a website through top DV SSL certificates in few minutes.