OpenSSL is a common utility used to generate a pair of private key and public Certificate Signing Request (CSR) for Apache web servers. In this tutorial, we will describe the steps to generate a Certificate Signing (CSR) from Apache 2.x web server.
- Login to your Linux machine via SSH and type the following command. While issuing the command, don't forget to replace your-domain-name with your actual domain name.
openssl req -new -newkey rsa:2048 -nodes -keyout your-domain-name.key -out your-domain-name.csr
- This command will generate two files, Private-Key file for the decryption of the SSL Certificate and Certificate Signing Request (CSR) file. You will now be asked to enter following information to generate the CSR key.
Once the necessary information is filled up, you will get your-domain-name.csr and your-domain-name.key files in the folder where the command was run. Open your-domain-name.csr file with a text-editor. Copy CSR key and paste in SSL certificate request page. Similarly, open your-domain-name.key file to get a private key.
- Common Name: Enter the Fully Qualified Domain Name of your website. When you generate a CSR key for Wildcard SSL, common name must start with * (asterisk). For Example, *.your-domain-name.com.
- Organization: Enter the legal/registered name of your organization.
- Organization Unit: Enter exact section of your organization, if applicable.
- City or Locality: Enter name of the city where your organization is registered. Do not abbreviate it.
- State or Province: Enter name of the state or province where your company is located. Do not abbreviate it.
- Country: Enter two letter ISO (International Organization for Standardization) abbreviation for your country.